Config config php где лежит nextcloud

Установка NextCloud на Ubuntu 20.04

Об этом не все знают, но первоначально Nextcloud был частью проекта OwnCloud. За небольшой промежуток времени NC вырос и в 2016 году отделился. С того момента Nextcloud стал самостоятельным проектом с открытым исходным кодом. Благодаря этому любой заинтересованный пользователь может создать свое личное облачное хранилище, самостоятельно разместить ПО и собрать индивидуальное решение.

После установки Nextcloud в вашем распоряжении будет рабочее пространство с почтовыми программами, схожими с Gmail, различными документами (вроде Google Docs) и возможностью делиться файлами (как это позволяет Dropbox). Также календарь с заметками, планировщики задач и другие полезные вещи, которые помогают структурировать информацию.

Устанавливаем и настраиваем NextCloud

Данное руководство поможет выполнить установку и последующую настройку облачного хранилища NextCloud максимально быстро. Из трех способов установки, упомянутых ниже, мы выбрали второй.

Способы установки NC:

1. Через систему управления контейнерами Docker .
2. Через пакет приложений snap. Он поддерживают любые дистрибутивы Linux. Мы будем использовать дистрибутив Ubuntu 20.04.
3. Ручная установка на сервер.

Второй метод был выбран по нескольким причинам. Во-первых, он наиболее эффективный, доступный и быстрый. Во-вторых, существенную роль сыграли преимущества Snap-пакетов. Они полностью укомплектованы, содержат в себе все зависимости и автоматически обновляются. Чтобы все заработало, достаточно утилиты (менеджер пакетов snapd). Установить этот пакет можно прямо из Snap Store. Единственный минус этой системы в том, что пакет занимает много места на диске.

Мы будем использовать облачный сервер с Ubuntu.

Пошаговая инструкция установки NextCloud на Ubuntu 20.04

Ниже мы расписали все этапы установки, последовательность которых необходимо соблюдать:

1. Инсталлируем NextCloud в Ubuntu.
2. Создаем профиль (учетную запись пользователя).
3. Настраиваем доверенные домены.
4. Защищаем веб-интерфейс одним из методов (зависит от наличия доменного имени).
5. Тестируем.

Первый шаг

Для загрузки Nextcloud snap запустите команду с и спользованием утилиты sudo. Это позволит запускать программы без привилегий пользователя root и получить права администратора.

Проверяем установку приложения:

Сообщение подтверждает, что установка NextCloud осуществилась:

Такое сообщение должно появиться и у вас.

Второй шаг

После установки NextCloud создаем аккаунт с логином и паролем.

Следом приходит сообщение, что запись настроена правильно. Теперь все права для работы с базой данных переданы пользователю username.

Третий шаг

Переходим к настройке доменного имени. Так NC будет воспринимать HTTP-запросы, которые поступают не только сервера localhost. Допустим, сервер доступен по адресу 192.168.0.15, но мы хотим, чтобы он был доступен по адресу «mycloud.com». Для этого мы изменяем запись trusted_domains в файле config.php. По умолчанию адрес домена в NextCloud дополняется файлом с расширением « index.php».

Проверим, какие настройки у нас есть сейчас:

Из сообщения видим, что пока массив trusted_domains содержит только localhost. Попробуем добавить еще запись в массив , увеличив номер индекса на один и изменив значение value. Для этого скопируйте и вставьте в свою командную строку команду:

Проверяем, сколько значений содержит массив сейчас:

Результат (в нашем случае должно быть два домена):

Используя данный алгоритм, можно добавлять доверенные домены и IP-адреса. Следующим шагом необходимо защитить веб-интерфейс. Порт 80 предназначен для сайтов с незашифрованным HTTP-трафиком, а 443 используется для сайтов с защищенным соединением. Как защитить свои данные, вы узнаете ниже.

Четвертый шаг

Чтобы между браузером и сервером (между клиентом и сервером) обеспечить безопасное соединение, необходимо произвести настройку SSL. При использовании SSL-сертификатов HTTPS заменяет HTTP в URL-адресе. SSL-сертификат информируют пользователей сайта о том, что соединение защищено, и сайту можно доверять. Подробнее об SSL мы писали в статье «Что такое SSL-сертификат и для чего он нужен».

Теперь о его получении. В начале этого руководства мы упоминали про два развития событий, которые зависят от привязки доменного имени к серверу.

Первый — когда серверу присвоено доменное имя. В этом случае рекомендуем пройти бесплатную сертификацию SSL от Let’s Encrypt. Ниже вы найдете подробную инструкцию как это сделать. Во втором варианте есть возможность произвести настройку сертификата с собственной подписью. Чем они отличаются друг от друга? Интернет-браузеры не доверяют самоподписанному сертификату по умолчанию, и при подключении внешнего посетителя выдает сообщение: «Сертификат безопасности не является доверенным!».

Сертификация от Let’s Encrypt

Срок действия сертификата составляет 90 дней, но по истечении этого промежутка времени он автоматически обновляется. Переходим к настройке.

Открываем порты брэндмауэра:

Затем запрашиваем сертификат:

И подтверждаем соответствие своего сервера условиям для запроса сертификата. В конце этого сообщения вопрос. Чтобы продолжить, вводим «Y»:

В следующей строке указываем email, который потребуется для важных уведомлений.

После чего, чтобы завершить, необходимо ввести само доменное имя.

Если все команды заданы верно, то сервер запросит SSL-сертификат и перезапустит веб-сервер Apache для NextCloud.

Дальше можно выполнять вход в собственное облачное хранилище.

Самоподписанный сертификат SSL

Та кой способ шифрует данные, но не подтверждает домен.

Для создания сертификата с собственной подписью запустите команду:

Сообщение об активации сертификата:

Чтобы войти в NC, открываем веб-порты брандмауэра:

Пятый шаг

Этапы установки и настройки пройдены. Пора попробовать зайти на сервер. Для этого достаточно ввести в поисковую строку браузера доменное имя или IP-адрес. Мы попадем на главную страницу, где требуется ввод логина и пароля. Если веб-интерфейс защищен самоподписанным сертификатом, то первоначально появиться окошко с предупреждением о небезопасном подключении. Проигнорируйте данное сообщение. При наличии заверенного сертификата сразу открывается окно с приветствием. Закрыв это, сразу можно приступать к работе с файлами.

Работа над ошибками

Для корректной работы Nextcloud необходимо проверить приложение на наличие проблем. В раздел «Проверка безопасности и параметров» можно зайти через настройки или через адресную строку браузера:

После перехода сразу появится страница со списком проблем. Сейчас мы рассмотрим исправления ошибок NextCloud.

1) Не хватает памяти: зачастую для стабильной работы требуется увеличить лимит памяти до 512 МБ. Изначально предоставляется 128 МБ. Для этого входим на сервер при помощи терминала и изменяем настройку для memory_limit с 128 на 512:

2) Необходимо настроить систему кэширования: требуется увеличить производительность сервера и настроить одно из средств кэширования (Memcache, APCu или Redis). У нас будет Memcache. После установки модуля откроем конфигурационный файл и настроим Memcache для сервера.

Затем необходимо перезапустить Apache и PHP-FPM:

3) Не указано месторасположение сервера: лучше сразу определить регион с той целью, чтобы проверять мобильные номера пользователей без использования кода страны. Для этого добавляем параметр «default_phone_region» в соответствии с ISO 3166-1.

4) Отсутствие некоторых индексов в базе данных: распространенная ошибка, поскольку в связи с экономией времени индексы не добавляются автоматически

Создаем индексы с помощью команды add-missing-indices:

5) Требуется преобразование индексов базы данных в big int с помощью команды convert-filecache-bigint:

Также можно получить дополнительную информацию о конкретных привязках:

Какие службы и приложения содержит пакет snap:

Установка завершена

После устранения всех ошибок снова заходим в раздел с проверкой безопасности. Если все проверки пройдены и ошибок не обнаружено, то можно переходить к работе, настроить синхронизацию и обмениваться файлами. Узнать еще больше про облачные сервисы можно в блоге Timeweb Cloud .

Кстати, в официальном канале Timeweb Cloud собрали комьюнити из специалистов, которые говорят про IT-тренды, делятся полезными инструкциями и даже приглашают к себе работать.

Nextcloud 26 Installation on Debian

Debian Nextcloud VPS Last updated on 07/05/2023 — With the release of the first update to Nextcloud 26 a.k.a. Hub 4, as usual, I updated this tutorial to reflect its installation on Debian 11.

Finally, I’ll now cover the installation of Nextcloud on Debian!

At this point, is expected that you already had:

• Choose a VPS provider and concluded the initial setup of your Debian server;
• Installed Nginx;
• Installed PostgreSQL;
• Installed PHP 8.1.

I’m currently using Debian 11, but these instructions may be equally valid for other versions of Debian and Ubuntu.

Table Of Contents

Download Nextcloud 26

To download Nextcloud 26, change into the /tmp folder, to keep things clean, and use wget to download the archive:

With the archive downloaded, now unzip it. We’ll also attempt to install unzip , in case we don’t have it installed already. The -d switch specifies the target directory, so the archive will be extracted to /var/www/nextcloud :

Now we’ll have to change the owner of /var/www/nextcloud so Nginx can write to it:

Install PHP Required Modules

Beyond the ones we installed previously, Nextcloud requires some additional PHP modules. To install them, run the following command:

Configure PHP

To meet the requirements of Nextcloud we need to make some changes in PHP configuration. The first one is changing the memory_limit . This setting is in php.ini, we can edit it running:

Search for memory_limit and change it to 512M .

Once we’re editing php.ini you can take the opportunity to set upload_max_filesize and post_max_size according to your preferences.

Another thing is that as we’re using php-fpm , system environment variables like PATH, TMP or others are not automatically populated. A PHP call like getenv(‘PATH’); can therefore return an empty result. So we need to manually configure the environment variables in www.conf. To edit this file run:

Usually, near the bottom of the file, we will find some or all of the environment variables already, but commented out like this:

Just uncomment the ones that refer to PATH and TMP, like this:

With this changes done, restart the PHP service:

Create PostgreSQL User and Database

To create a user and database for Nextcloud we first need to login to PostgreSQL prompt:

Then create a username (choose a username and password according to your preferences):

Create a database:

Set the user you created as the owner of the database:

Grant the user all the privileges over the database:

To quit the PostgreSQL prompt, run:

Configure Nginx

We’ll now create a Nginx server block to nextcloud. I’m naming it nextcloud but you can name it whatever you like:

Copy the following content to the file and change the server_name from box.emanuelpina.ml to the domain address you want use:

Save and close the file when you’re done.

Once created, to enable the server block we need to create a symbolic link of it into /etc/nginx/sites-enabled/ using the following command:

Make sure that there are no syntax errors in the Nginx files:

If there aren’t any issues, restart Nginx to enable the changes:

Enable SSL

We can use certbot to obtain a Let’s Encrypt SSL certificate to our Nextcloud. If you didn’t already, install it as its Nginx package running the following command:

Then to use Certbot, run:

At our first time running Certbot, we’ll be prompted to enter an email address, agree to the terms of service and authorise or not EEF (the entity that mantains Certbot) to send emails to us.

We’ll then be presented with a list of all domains enabled on our server:

Select the appropriate number for the domain you want to obtain a certificate (for our example type 1 ) and press ENTER . After doing so, Certbot will communicate with the Let’s Encrypt server, then run a challenge to verify that we control the domain we’re requesting a certificate for.

If that’s successful, Certbot will finish with a message like below. Look at IMPORTANT NOTES and save the locations of both the certificate and key .

Now, edit the Nextcloud’s server block:

And replace its content with the following code. Don’t forget to change the server_name from box.emanuelpina.ml to the domain address you want and update the locations to the SSL certificate and key :

Make sure that there are no syntax errors in the Nginx files:

If there aren’t any issues, restart Nginx to enable the changes:

Complete Installation

Now, to complete Nextcloud installation, in a browser visit the domain address you chosed and you will be presented with a form to fill.

On this form on “Create an admin account” we should chose a username and password for our admin account. And on “Configure Database” we should fill it with the username, password and database name defined above.

After filling the form just click on Finish setup and wait for the installation to complete. At the end we’ll be redirected to our dashboard.

And that’s it! Our Nextcloud installation is ready for use.

Additional configurations

Following we’ll look at some additional configurations that despite being optional, are advisable.

Memory Caching

Enabling memory caching can significantly improve the perfomance of your Nextcloud. The recommend solutions to implement should be based on the size and propose of our Nextcloud. For a small instance with a single server the recommended configuration is APCu for local memcache and Redis for everything else: 1

• APCu: an in-memory key-value store for PHP;
• Redis: an excellent modern memcache to use for distributed caching, and as a key-value store for Transactional File Locking.

To install APCu, go back to your terminal and run the following commands:

And to install Redis, run:

Then restart Nginx:

Now we need to configure Nextcloud to use both APCu and Redis. To do so let’s edit the Nextcloud configuration file:

And add the following lines just bellow ‘installed’ => true, :

Background jobs

A system like Nextcloud sometimes requires tasks to be done on a regular basis without the need for user interaction or hindering Nextcloud performance. For that purpose, we can define background jobs. These jobs are typically referred to as cron jobs.

Cron jobs are commands or shell-based scripts that are scheduled to run periodically at fixed times, dates, or intervals. cron.php is a Nextcloud internal process that runs such background jobs on demand.

We can schedule cron jobs in three ways – using AJAX, Webcron, or cron. The default method is to use AJAX. However, the recommended method is to use the operating system cron feature. 2

To run a cron job on our system, every 5 minutes, under the default Web server user, we must set up the following cron job to call the cron.php script.

Edit the crontab of the default Web server user ( www-data ):

And append the following line, replacing the path /var/www/nextcloud/cron.php with the path to your current Nextcloud installation:

We can verify if the cron job has been added and scheduled running:

Finally, choose Cron in the Background jobs section of the Admin settings page at Setting > Administration > Basic settings > Background jobs .

Previews generation

By default, Nextcloud thumbnail system generates previews of files for the following filetypes:

• Images files;
• Cover of MP3 files;
• Text documents.

Additional, we can add support for SVG and video files, installing those packages:

To add support for PDF files, we must install ghostscript :

And tweak ImageMagick’s security policy:

Look for <policy domain=»coder» rights=»none» pattern=»PDF» /> at the end of the file. And comment the line, so it look like:

The generation of previews can use a fair amount of hardware resources and can degrade our experience when using Nextcloud. We can prevent that, using an app called Preview Generator and setting a cron job that runs periodically on the background and generates previews for new or recently changed files.

To do so, first run the following commands to install and enable the app, where /var/www/nextcloud/ is the path to our Nextcloud installation:

To set for which filetypes Nextcloud should generate previews, edit the Nextcloud configuration file:

And add the following lines just bellow ‘installed’ => true, :

Then, before setting a cron job, we should generate all previews running:

We can now edit the crontab of the default Web server user ( www-data ):

And add a cron job that will run the application each 10 minutes:

Email

Nextcloud is capable of sending password reset emails, notifying users of new file shares, changes in files, and activity notifications.

Nextcloud does not contain a full email server, but rather connects to your existing mail server, and supports three types of connections: SMTP, qmail, and Sendmail.

I recommend using a SMTP server, more precisely a SMTP relay, like Mailgun.

To connect Nextcloud to a remote SMTP server, we need the following information:

• Encryption type: None, SSL/TLS, or STARTTLS;
• The From address we want our outgoing Nextcloud mails to use;
• Whether authentication is required;
• Authentication method: None, Login, Plain, or NT LAN Manager;
• The server’s IP address or fully-qualified domain name and the SMTP port;
• Login credentials (if required).

Having this information we can then fill the configuration wizzard in the Email Server section of the Admin settings page at Setting > Administration > Basic settings > Email server .

Default phone region

Since Nextcloud 21, is recommend setting a default region for phone numbers, using ISO 3166-1 country codes such as DE for Germany, FR for France, PT for Portugal… It is required to allow inserting phone numbers in the user profiles starting without the country code (e.g. +351 for Portugal).

We can do that by editing the Nextcloud configuration file:

And adding the following line, just bellow ‘installed’ => true, , changing the value to correspond to your country:

Congratulations ��

You now have your self-hosted cloud storage solution and are one step closer to be the owner of your data!

Do you want contribute and add something to this tutorial? Have you found a typo, grammar or formatting error? Please, feel free to contact me or edit this post and open a pull resquest.

Configuration Parameters

Nextcloud uses the config/config.php file to control server operations. config/config.sample.php lists all the configurable parameters within Nextcloud, along with example or default values. This document provides a more detailed reference. Most options are configurable on your Admin page, so it is usually not necessary to edit config/config.php .

The installer creates a configuration containing the essential parameters. Only manually add configuration parameters to config/config.php if you need to use a special value for a parameter. Do not copy everything from config/config.sample.php . Only enter the parameters you wish to modify!

Multiple config.php file

Nextcloud supports loading configuration parameters from multiple files. You can add arbitrary files ending with .config.php in the config/ directory, for example you could place your email server configuration in email.config.php . This allows you to easily create and manage custom configurations, or to divide a large complex configuration file into a set of smaller files. These custom files are not overwritten by Nextcloud, and the values in these files take precedence over config.php .

Default Parameters

These parameters are configured by the Nextcloud installer, and are required for your Nextcloud server to operate.

This is a unique identifier for your Nextcloud installation, created automatically by the installer. This example is for documentation only, and you should never use it because it will not work. A valid instanceid is created when you install Nextcloud.

The salt used to hash all passwords, auto-generated by the Nextcloud installer. (There are also per-user salts.) If you lose this salt you lose all your passwords. This example is for documentation only, and you should never use it.

Secret used by Nextcloud for various purposes, e.g. to encrypt data. If you lose this string there will be data corruption.

Your list of trusted domains that users can log into. Specifying trusted domains prevents host header poisoning. Do not remove this, as it performs necessary security checks.

You can specify:

the exact hostname of your host or virtual host, e.g. demo.example.org.

the exact hostname with permitted port, e.g. demo.example.org:443. This disallows all other ports on this host

use * as a wildcard, e.g. ubos-raspberry-pi*.local will allow ubos-raspberry-pi.local and ubos-raspberry-pi-2.local

the IP address with or without permitted port, e.g. [2001:db8::1]:8080 Using TLS certificates where commonName=<IP address> is deprecated

Where user files are stored. The SQLite database is also stored here, when you use SQLite.

Default to data/ in the Nextcloud directory.

The current version number of your Nextcloud installation. This is set up during installation and update, so you shouldn’t need to change it.

Identifies the database used with this installation. See also config option supportedDatabases

Defaults to sqlite3

Your host server name, for example localhost , hostname , hostname.example.com , or the IP address. To specify a port use hostname:#### ; to specify a Unix socket use /path/to/directory/containing/socket e.g. /run/postgresql/ .

The name of the Nextcloud database, which is set during installation. You should not need to change this.

The user that Nextcloud uses to write to the database. This must be unique across Nextcloud instances using the same SQL database. This is set up during installation, so you shouldn’t need to change it.

The password for the database user. This is set up during installation, so you shouldn’t need to change it.

Prefix for the Nextcloud tables in the database.

Enable persistent connexions to the database.

This setting uses the “persistent” option from doctrine dbal, which in turn uses the PDO::ATTR_PERSISTENT option from the pdo driver.

Indicates whether the Nextcloud instance was installed successfully; true indicates a successful installation, and false indicates an unsuccessful installation.

Defaults to false

Default config.php Examples

When you use SQLite as your Nextcloud database, your config.php looks like this after installation. The SQLite database is stored in your Nextcloud data/ directory. SQLite is a simple, lightweight embedded database that is good for testing and for simple installations, but for production Nextcloud systems you should use MySQL, MariaDB, or PosgreSQL.

This example is from a new Nextcloud installation using MariaDB:

User Experience

These optional parameters control some aspects of the user interface. Default values, where present, are shown.

This sets the default language on your Nextcloud server, using ISO_639-1 language codes such as en for English, de for German, and fr for French. The default_language parameter is only used, when the browser does not send any language, and the user hasn’t configured own language preferences.

Nextcloud has two distinguished language codes for German, ‘de’ and ‘de_DE’. ‘de’ is used for informal German and ‘de_DE’ for formal German. By setting this value to ‘de_DE’ you can enforce the formal version of German unless the user has chosen something different explicitly.

With this setting a language can be forced for all users. If a language is forced, the users are also unable to change their language in the personal settings. If users shall be unable to change their language, but users have different languages, this value can be set to true instead of a language code.

Defaults to false

This sets the default locale on your Nextcloud server, using ISO_639 language codes such as en for English, de for German, and fr for French, and ISO-3166 country codes such as GB , US , CA , as defined in RFC 5646. It overrides automatic locale detection on public pages like login or shared items. User’s locale preferences configured under “personal -> locale” override this setting after they have logged in.

This sets the default region for phone numbers on your Nextcloud server, using ISO 3166-1 country codes such as DE for Germany, FR for France, … It is required to allow inserting phone numbers in the user profiles starting without the country code (e.g. +49 for Germany).

No default value!

With this setting a locale can be forced for all users. If a locale is forced, the users are also unable to change their locale in the personal settings. If users shall be unable to change their locale, but users have different languages, this value can be set to true instead of a locale code.

Defaults to false

true enables the Help menu item in the user menu (top right of the Nextcloud Web interface). false removes the Help item.

true allows users to change their display names (on their Personal pages), and false prevents them from changing their display names.

The directory where the skeleton files are located. These files will be copied to the data directory of new users. Leave empty to not copy any skeleton files.

can be used as a placeholder for the language of the user. If the directory does not exist, it falls back to non dialect (from de_DE to de ). If that does not exist either, it falls back to default

Defaults to core/skeleton in the Nextcloud directory.

The directory where the template files are located. These files will be copied to the template directory of new users. Leave empty to not copy any template files.

can be used as a placeholder for the language of the user. If the directory does not exist, it falls back to non dialect (from de_DE to de ). If that does not exist either, it falls back to default

If this is not set creating a template directory will only happen if no custom skeletondirectory is defined, otherwise the shipped templates will be used to create a template directory for the user.

User session

Lifetime of the remember login cookie. This should be larger than the session_lifetime. If it is set to 0 remember me is disabled.

Defaults to 60*60*24*15 seconds (15 days)

The lifetime of a session after inactivity.

The maximum possible time is limited by the session.gc_maxlifetime php.ini setting which would overwrite this option if it is less than the value in the config.php

Defaults to 60*60*24 seconds (24 hours)

true enabled a relaxed session timeout, where the session timeout would no longer be handled by Nextcloud but by either the PHP garbage collection or the expiration of potential other session backends like redis.

This may lead to sessions being available for longer than what session_lifetime uses but comes with performance benefits as sessions are no longer a locking operation for concurrent requests.

Enable or disable session keep-alive when a user is logged in to the Web UI.

Enabling this sends a “heartbeat” to the server to keep it from timing out.

Defaults to true

Enable or disable the automatic logout after session_lifetime, even if session keepalive is enabled. This will make sure that an inactive browser will be logged out even if requests to the server might extend the session lifetime.

Defaults to false

Enforce token authentication for clients, which blocks requests using the user password for enhanced security. Users need to generate tokens in personal settings which can be used as passwords on their clients.

Defaults to false

The interval at which token activity should be updated.

Increasing this value means that the last activity on the security page gets more outdated.

Tokens are still checked every 5 minutes for validity max value: 300

Defaults to 300

Whether the bruteforce protection shipped with Nextcloud should be enabled or not.

Disabling this is discouraged for security reasons.

Defaults to true

Whether the rate limit protection shipped with Nextcloud should be enabled or not.

Disabling this is discouraged for security reasons.

Defaults to true

By default, WebAuthn is available, but it can be explicitly disabled by admins

Whether encrypted password should be stored in the database

The passwords are only decrypted using the login token stored uniquely in the clients and allow to connect to external storages, autoconfigure mail account in the mail app and periodically check if the password it still valid.

This might be desirable to disable this functionality when using one time passwords or when having a password policy enforcing long passwords (> 300 characters).

By default, the passwords are stored encrypted in the database.

WARNING: If disabled, password changes on the user back-end (e.g. on LDAP) no longer log connected clients out automatically. Users can still disconnect the clients by deleting the app token from the security settings.

By default, the login form is always available. There are cases (SSO) where an admin wants to avoid users entering their credentials to the system if the SSO app is unavailable.

This will show an error. But the direct login still works with adding ?direct=1

If your user backend does not allow password resets (e.g. when it’s a read-only user backend like LDAP), you can specify a custom link, where the user is redirected to, when clicking the “reset password” link after a failed login-attempt.

In case you do not want to provide any link, replace the url with ‘disabled’

URL to use as target for the logo link in the header (top-left logo)

Defaults to the base URL of your Nextcloud instance

Mail Parameters

These configure the email settings for Nextcloud notifications and password resets.

The return address that you want to appear on emails sent by the Nextcloud server, for example nc-admin@example.com , substituting your own domain, of course.

FROM address that overrides the built-in sharing-noreply and lostpassword-noreply FROM addresses.

Defaults to different from addresses depending on the feature.

Enable SMTP class debugging.

Defaults to false

Which mode to use for sending mail: sendmail , smtp or qmail .

If you are using local or remote SMTP, set this to smtp .

For the sendmail option you need an installed and working email system on the server, with /usr/sbin/sendmail installed on your Unix system.

For qmail the binary is /var/qmail/bin/sendmail, and it must be installed on your Unix system.

Defaults to smtp

This depends on mail_smtpmode . Specify the IP address of your mail server host. This may contain multiple hosts separated by a semicolon. If you need to specify the port number append it to the IP address separated by a colon, like this: 127.0.0.1:24 .

Defaults to 127.0.0.1

This depends on mail_smtpmode . Specify the port for sending mail.

This depends on mail_smtpmode . This sets the SMTP server timeout, in seconds. You may need to increase this if you are running an anti-malware or spam scanner.

Defaults to 10 seconds

This depends on mail_smtpmode . Specify ssl when you are using SSL/TLS. Any other value will be ignored.

If the server advertises STARTTLS capabilities, they might be used, but they cannot be enforced by this config option.

Defaults to » (empty string)

This depends on mail_smtpmode . Change this to true if your mail server requires authentication.

Defaults to false

This depends on mail_smtpauth . Specify the username for authenticating to the SMTP server.

Defaults to » (empty string)

This depends on mail_smtpauth . Specify the password for authenticating to the SMTP server.

Default to » (empty string)

Replaces the default mail template layout. This can be utilized if the options to modify the mail texts with the theming app is not enough.

The class must extend \OC\Mail\EMailTemplate

Email will be sent by default with an HTML and a plain text body. This option allows to only send plain text emails.

This depends on mail_smtpmode . Array of additional streams options that will be passed to underlying Swift mailer implementation.

Defaults to an empty array.

Which mode is used for sendmail/qmail: smtp or pipe .

Use the SMTP protocol on standard input and output.

Read message from STDIN and extract recipients.

Defaults to smtp

Proxy Configurations

The automatic hostname detection of Nextcloud can fail in certain reverse proxy and CLI/cron situations. This option allows you to manually override the automatic detection; for example www.example.com , or specify the port www.example.com:8080 .

When generating URLs, Nextcloud attempts to detect whether the server is accessed via https or http . However, if Nextcloud is behind a proxy and the proxy handles the https calls, Nextcloud would not know that ssl is in use, which would result in incorrect URLs being generated.

Valid values are http and https .

Nextcloud attempts to detect the webroot for generating URLs automatically.

For example, if www.example.com/nextcloud is the URL pointing to the Nextcloud instance, the webroot is /nextcloud . When proxies are in use, it may be difficult for Nextcloud to detect this parameter, resulting in invalid URLs.

This option allows you to define a manual override condition as a regular expression for the remote IP address. For example, defining a range of IP addresses starting with 10.0.0. and ending with 1 to 3: ^10\.0\.0\.[1-3]$

Defaults to » (empty string)

Use this configuration parameter to specify the base URL for any URLs which are generated within Nextcloud using any kind of command line tools (cron or occ). The value should contain the full base URL: https://www.example.com/nextcloud

Defaults to » (empty string)

To have clean URLs without /index.php this parameter needs to be configured.

This parameter will be written as “RewriteBase” on update and installation of Nextcloud to your .htaccess file. While this value is often simply the URL path of the Nextcloud installation it cannot be set automatically properly in every scenario and needs thus some manual configuration.

In a standard Apache setup this usually equals the folder that Nextcloud is accessible at. So if Nextcloud is accessible via “https://mycloud.org/nextcloud” the correct value would most likely be “/nextcloud”. If Nextcloud is running under “https://mycloud.org/” then it would be “/”.

Note that the above rule is not valid in every case, as there are some rare setup cases where this may not apply. However, to avoid any update problems this configuration value is explicitly opt-in.

After setting this value run occ maintenance:update:htaccess . Now, when the following conditions are met Nextcloud URLs won’t contain index.php :

mod_rewrite is installed

mod_env is installed

Defaults to » (empty string)

For server setups, that don’t have mod_env enabled or restricted (e.g. suEXEC) this parameter has to be set to true and will assume mod_rewrite.

Please check, if mod_rewrite is active and functional before setting this parameter, and you updated your .htaccess with occ maintenance:update:htaccess . Otherwise, your nextcloud installation might not be reachable anymore. For example, try accessing resources by leaving out index.php in the URL.

The URL of your proxy server, for example proxy.example.com:8081 .

Note: Guzzle (the http library used by Nextcloud) is reading the environment variables HTTP_PROXY (only for cli request), HTTPS_PROXY, and NO_PROXY by default.

If you configure proxy with Nextcloud any default configuration by Guzzle is overwritten. Make sure to set proxyexclude accordingly if necessary.

Defaults to » (empty string)

The optional authentication for the proxy to use to connect to the internet.

The format is: username:password .

Defaults to » (empty string)

List of host names that should not be proxied to.

For example: [‘.mit.edu’, ‘foo.com’] .

Hint: Use something like explode(‘,’, getenv(‘NO_PROXY’)) to sync this value with the global NO_PROXY option.

Defaults to empty array.

Allow remote servers with local addresses e.g. in federated shares, webcal services and more

Defaults to false

Deleted Items (trash bin)

These parameters control the Deleted files app.

If the trash bin app is enabled (default), this setting defines the policy for when files and folders in the trash bin will be permanently deleted.

The app allows for two settings, a minimum time for trash bin retention, and a maximum time for trash bin retention.

Minimum time is the number of days a file will be kept, after which it may be deleted. A file may be deleted after the minimum number of days is expired if space is needed. The file will not be deleted if space is not needed.

Whether “space is needed” depends on whether a user quota is defined or not:

• If no user quota is defined, the available space on the Nextcloud data partition sets the limit for the trashbin (issues: see https://github.com/nextcloud/server/issues/28451).

• If a user quota is defined, 50% of the user’s remaining quota space sets the limit for the trashbin.

Maximum time is the number of days at which it is guaranteed to be deleted. There is no further dependency on the available space.

Both minimum and maximum times can be set together to explicitly define file and folder deletion. For migration purposes, this setting is installed initially set to “auto”, which is equivalent to the default setting in Nextcloud.

Available values (D1 and D2 are configurable numbers):

default setting. keeps files and folders in the trash bin for 30 days and automatically deletes anytime after that if space is needed (note: files may not be deleted if space is not needed).

keeps files and folders in the trash bin for D1+ days, delete anytime if space needed (note: files may not be deleted if space is not needed)

delete all files in the trash bin that are older than D2 days automatically, delete other files anytime if space needed

keep files and folders in the trash bin for at least D1 days and delete when exceeds D2 days (note: files will not be deleted automatically if space is needed)

trash bin auto clean disabled, files and folders will be kept forever

Defaults to auto

File versions

These parameters control the Versions app.

If the versions app is enabled (default), this setting defines the policy for when versions will be permanently deleted.

The app allows for two settings, a minimum time for version retention, and a maximum time for version retention. Minimum time is the number of days a version will be kept, after which it may be deleted. Maximum time is the number of days at which it is guaranteed to be deleted. Both minimum and maximum times can be set together to explicitly define version deletion. For migration purposes, this setting is installed initially set to “auto”, which is equivalent to the default setting in Nextcloud.

default setting. Automatically expire versions according to expire rules. Please refer to Controlling file versions and aging for more information.

keep versions at least for D days, apply expiration rules to all versions that are older than D days

delete all versions that are older than D days automatically, delete other versions according to expire rules

keep versions for at least D1 days and delete when exceeds D2 days

versions auto clean disabled, versions will be kept forever

Defaults to auto

Nextcloud Verifications

Nextcloud performs several verification checks. There are two options, true and false .

Checks an app before install whether it uses private APIs instead of the proper public APIs. If this is set to true it will only allow to install or enable apps that pass this check.

Defaults to false

Check if Nextcloud is up-to-date and shows a notification if a new version is available. It sends current version, php version, installation and last update time and release channel to the updater server which responds with the latest available version based on those metrics.

Defaults to true

URL that Nextcloud should use to look for updates

Defaults to https://updates.nextcloud.com/updater_server/

The channel that Nextcloud should use to look for updates

Is Nextcloud connected to the Internet or running in a closed network?

Defaults to true

Which domains to request to determine the availability of an Internet connection. If none of these hosts are reachable, the administration panel will show a warning. Set to an empty list to not do any such checks (warning will still be shown).

If no protocol is provided, both http and https will be tested. For example, ‘http://www.nextcloud.com’ and ‘https://www.nextcloud.com’ will be tested for ‘www.nextcloud.com’ If a protocol is provided, only this one will be tested.

Defaults to the following domains:

• www.nextcloud.com

• www.startpage.com

• www.eff.org

• www.edri.org

Allows Nextcloud to verify a working .well-known URL redirects. This is done by attempting to make a request from JS to https://your-domain.com/.well-known/caldav/

Defaults to true

This is a crucial security check on Apache servers that should always be set to true . This verifies that the .htaccess file is writable and works.

If it is not, then any options controlled by .htaccess , such as large file uploads, will not work. It also runs checks on the data/ directory, which verifies that it can’t be accessed directly through the Web server.

Defaults to true

In rare setups (e.g. on Openshift or Docker on Windows) the permissions check might block the installation while the underlying system offers no means to “correct” the permissions. In this case, set the value to false.

In regular cases, if issues with permissions are encountered they should be adjusted accordingly. Changing the flag is discouraged.

Defaults to true

In certain environments it is desired to have a read-only configuration file.

When this switch is set to true , writing to the config file will be forbidden. Therefore, it will not be possible to configure all options via the Web interface. Furthermore, when updating Nextcloud it is required to make the configuration file writable again and to set this switch to false for the update process.

Defaults to false

Logging

This parameter determines where the Nextcloud logs are sent.

file : the logs are written to file nextcloud.log in the default Nextcloud data directory. The log file can be changed with parameter logfile . syslog : the logs are sent to the system log. This requires a syslog daemon to be active. errorlog : the logs are sent to the PHP error_log function. systemd : the logs are sent to the Systemd journal. This requires a system that runs Systemd and the Systemd journal. The PHP extension systemd must be installed and active.

Defaults to file

This parameter determines where the audit logs are sent. See log_type for more information.

Defaults to file

Name of the file to which the Nextcloud logs are written if parameter log_type is set to file .

Defaults to [datadirectory]/nextcloud.log

Name of the file to which the audit logs are written if parameter log_type is set to file .

Defaults to [datadirectory]/audit.log

Log file mode for the Nextcloud logging type in octal notation.

Defaults to 0640 (writeable by user, readable by group).

Loglevel to start logging at. Valid values are: 0 = Debug, 1 = Info, 2 = Warning, 3 = Error, and 4 = Fatal. The default value is Warning.

Loglevel used by the frontend to start logging at. The same values as for loglevel can be used. If not set it defaults to the value configured for loglevel or Warning if that is not set either.

If you maintain different instances and aggregate the logs, you may want to distinguish between them. syslog_tag can be set per instance with a unique id. Only available if log_type is set to syslog or systemd .

The default value is Nextcloud .

If you maintain different instances and aggregate the logs, you may want to distinguish between them. syslog_tag_audit can be set per instance with a unique id. Only available if log_type is set to syslog or systemd .

The default value is the value of syslog_tag .

Log condition for log level increase based on conditions. Once one of these conditions is met, the required log level is set to debug. This allows to debug specific requests, users or apps

shared_secret : if a request parameter with the name log_secret is set to

26. Install Nextcloud

Nextcloud is a file sync and share application offering a variety of online collaboration tools. It allows syncing files from desktop/laptop/tablet/phone with a remote server, sharing them with other Nextcloud users or giving public access to them, editing office documents online, managing calendars, tasks, conducting surveys, creating forms, mounting external directories, sharing files with other Nextcloud instances through ‘federation sharing’, etc.

We recommend that you install only the apps described in this guide and only with the settings that we specify, as a starting point. When you will have a functional, well-configured Nextcloud installation, you can try adding other Nextcloud apps and experiment with different settings, if you need to. Nextcloud is very useful but it is difficult to install properly. You have to know in advance which ‘recommended’ settings should be applied and which shouldn’t, what apps deserve to be installed and what apps don’t.

To download the latest stable verstion of Nextcloud that is recommended to be installed on Debian navigate to the list of RED SCARF Suite components, get the number of the Nextcloud version (for example 25.0.6), then navigate to the Nextcloud changelog page, scroll down to the version found earlier (for example Version 25.0.6), right-click on the zip package that corresponds to that version (for example nextcloud-25.0.6.zip) and choose ‘Copy Link’ to copy the download link to the clipboard. Then use the copied link to download Nextcloud as shown below:

Replace example.com with the main domain hosted on your server. Please note that the /var/www/cloud. example.com directory will be created by the mv command. The mv command will move the nextcloud directory to /var/www and will change its name to cloud. example.com , so, you shouldn’t create the cloud. example.com directory manually in advance. If you create it in advance, the mv command will place the nextcloud directory inside the / var/www/cloud. example.com directory, which is not what you want.

Set the right ownership and permissions for the cloud. example.com directory and all its subdirectories, replacing example.com with the main domain hosted on your server:

26.1. Obtain a Let’s Encrypt SSL certificate

Please note that when you have configured Asterisk, you had to specify in /etc/asterisk/http.conf the path to the certificate file and private key file used to encrypt the connection to the domain where the browser phone resided. The two paths were looking like this:

Since Asterisk only supports one certificate file in the tlscertfile parameter and one private key file in the tlsprivatekey parameter, it is expected that you have only one browser phone, on one domain, that you intend to connect to Asterisk. But what if you have two browser phones, on different domains, that you want to connect simultaneously to Asterisk ? For example: SIP Trip Phone on cloud. example.com , and Roundpin on roundpin. example.com ? Whose domain’s certificate and private key should you enter in the tlscertfile and tlsprivatekey parameters ? To overcome this problem and be able to connect both SIP Trip Phone and Roundpin simultaneously to Asterisk, you can obtain a Let’s Encrypt certificate for both cloud. example.com and roundpin. example.com and then mention the certificate file and private key file of that SSL certificate in the tlscertfile and tlsprivatekey parameters. There is no need for a wild card certificate, you just get one SSL certificate for the two different domains (they are in fact two different subdomains of the same domain, but they can be two entirely different domains).

First edit the Nginx server blocks configuration file:

Add the following temporary server blocks for cloud. example.com and roundpin. example.com at the end of the file:

Replace example.com with the main domain hosted on your server. Restart Nginx:

Edit your DNS settings. Add an A entry and an AAAA entry for cloud. example.com and for roundpin. example.com . These entries will be similar to the entries you already have for doli. example.com . It’s just that instead of doli , you will enter cloud and roundpin respectively. Wait a few minutes until the DNS changes propagate.

Then, get one Let’s Encrypt SSL certificate for both cloud. example.com and roundpin. example.com by running:

Now is the moment to run the script created as explained in the Build and install Asterisk chapter, to copy the two files ( /etc/letsencrypt/live/cloud. example.com /cert.pem and /etc/letsencrypt/live/cloud. example.com /privkey.pem ) to the intended destination ( /etc/asterisk/keys ). So run:

From now on, Asterisk can connect to the browser phones residing on cloud. example.com and roundpin. example.com . Of course, you will have to install SIP Trip Phone and Roundpin, as explained further down below, in order to be able to connect them to Asterisk and use them.

26.2. Configure Nginx for Nextcloud

Next, edit the /etc/nginx/sites-enabled/0-conf file again:

Replace the temporary server blocks for cloud. example.com and roundpin. example.com added earlier, with the following blocks:

Create the access log directory:

Create the /var/log/nextcloud logs directory and change ownership:

Please note that Nextcloud will log data in 3 different logs: the errors in /var/log/nginx/cloud. example.com .error.log , the access data in /var/log/sites/cloud. example.com /access.log , and the detailed warnings and errors in /var/log/nextcloud/nextcloud.log . The latter is very important, because it will be automatically analyzed by ‘System Health and Security Probe’, to identify the viruses detected in the files uploaded to Nextcloud.

Although we recommend serving Nextcloud on a subdomain as explained above and not on a subdirectory like example.com /nextcloud , we explain here how Nextcloud can be served on a subdirectory with Nginx. Also, even if we don’t recommend using Apache for any purpose, because it is by far inferior to Nginx, we describe here how Apache can be configured to serve Nextcloud on a subdomain or on a subdirectory.

26.3. Configure logrotate to rotate Nextcloud logs

Add the following section at the bottom of this file:

Replace example.com with the main domain hosted on your server.

Next, create a new configuration file necessary to rotate the logs that will be stored in the /var/log/nextcloud directory:

Add the following content inside this file:

26.4. Configure PHP for Nextcloud

Next open the /etc/php/7.4/fpm/pool.d/www.conf file for editing:

Uncomment the following lines to make them look like this:

26.5. Run the installation using the web interface

Use phpMyAdmin to create a new database and database user for Nextcloud. You can call the database nextcloud and the database user ncuser . Give ncuser all the rights over the nextcloud database, except GRANT , which is not necessary. Write down the name of the database, the database user and the password, because you will need them later.

To begin the installation, navigate to:

You will see the following screen:

In the two fields under ‘Create an admin account’ enter a username that you choose for the administrator account and a strong password. Avoid using the highly unsafe ‘admin’, ‘administrator’, ‘nextcloudadmin’, etc. usernames.

The content of the ‘Data folder’ field should be /var/www/cloud. example.com /data .

In the ‘Database user’ field enter the name of the user created earlier, ncuser in our example, in the ‘Database password’ field enter the user’s password, in the ‘Database name’ field enter the name of the database created earlier, nextcloud in our example, and in the ‘Database host’ field enter localhost , without specifying the port, which is not necessary.

Click on the ‘Install’ button.

The next screen will show a list of ‘Recommended apps’, such as ‘Calendar’, ‘Collabora Online’, etc. Don’t click the ‘Install recommended apps’ button, because you will install only the best apps that you will need from inside Nextcloud, so, you don’t need any ‘recommended’ app to be installed at this moment. Click the ‘Cancel’ button instead, to finish the installation.

After the installation you will see the ‘First run wizard’ popup window displaying general information about Nextcloud and when you will close it, the first screen will be that of the Dashboard:

Ignore the Dashboard and click on the Files icon in the upper left corner. The Files screen will look like this:

The first thing to do is to click on ‘Settings’ in the lower left corner, then uncheck ‘Show rich workspaces’ and ‘Show recommendations’. Generally, these two options are not needed and they clutter the workspace, confusing the user.

You can also disable the ‘Dashboard’ app, which is also not needed and confuses the user, since it’s opened by default after logging in. To disable it, click on the user icon in the upper right corner, then click on ‘Apps’, then search for the ‘Dashboard’ app and click on ‘Disable’ on its row.

Also, you can click on the user icon in the upper right corner, then click on ‘Settings’, then in the ‘Personal info’ section you can add your email address in the ‘Email’ field and set a picture from Nextcloud or from your computer, as ‘Profile picture’.

If you ever want to see the content of the Nextcloud log, click on the user icon in the upper right corner, then click on ‘Settings’, then under ‘Administration ‘click on ‘Logging’. In the upper left corner of the logging window click on ‘Level’ and uncheck ‘Debug’ and ‘Info’ to make Nextcloud display only the most important information. Otherwise the log will become almost unreadable.

Next, open the /var/www/cloud. example.com /config/config.php file:

Your configuration file should look similar to the following:

Replace example.com with the main domain hosted on your server, admin@example.com with the email address that you want to use to log in to the mail server, strongpassword with the password for the admin@example.com email account, Europe/Berlin with your own timezone, that you can find on the list of timezones supported by PHP, and replace DE with your two letter country code for the default region for phone numbers.

Please note that the ‘mail_smtpmode’ , ‘mail_smtpsecure’ , ‘mail_from_address’ and ‘mail_domain’ parameters are needed so that Nextcloud can send notifications and for password resets. The other mail related parameters listed above are also necessary if you want to install the Mail app, to access your admin@example.com account inside Nextcloud. The Mail app had some bugs in the past and installing it it’s not necessarily a good idea, but if you ever install it, the configuration file should contain all the mail related parameters listed above.

You can notice that we configured Memcached for both local and distributed caching. This is the best solution, in spite of the fact that the official Nextcloud documentation suggests to use APCu for local caching and Redis for distributed caching. Our tests proved that using APCu and Redis doesn’t improve performance.

26.6. Move the configuration file outside the web root

To increase security, first copy the /var/www/cloud. example.com /config/config.php file outside the web root, to the /srv/scripts directory. Replace example.com with the main domain hosted on your server:

Then empty the /var/www/cloud. example.com /config/config.php file:

Add the following line inside it:

Change ownership amd permissions for the /srv/scripts/nextcloud.php file:

26.7. Install Nextcloud apps

The apps available in Nextcloud App Store add a lot of new functionalities to Nextcloud. It’s just that you have to know in advance what apps deserve to be installed and with what configurations.

First we’ll describe how to install Collabora Online.

26.7.1. Install Collabora Online

LibreOffice Online is a free and open source program derived from LibreOffice, that allows accessing and editing office documents in the browser. It’s similar to Google Docs Editors, with the significant difference that if you install it on a server that you control, you can own it and you can own the documents that you edit with it. Some releases of LibreOffice Online are branded as Collabora Online and Collabora Online Development Edition (CODE), since Collabora Ltd is the main contributor to the LibreOffice Online project. We’ll describe below how to install Collabora Online Development Edition, which is stable and powerfull, if you know what versions to install.

Using a self-hosted installation of Collabora Online Development Edition, you can open and edit office documents with any computer connected to the Internet, from anywhere in the world, using just a browser. It also allows multiple users to view and edit the same documents simultaneously. This is called ‘collaborative editing’ and is important for web-based teamwork.

If you want to install Collabora Online Development Edition on your own server and integrate it with Nextcloud, you have four main options:

• install the Docker version, which implies installing Docker. Docker uses a portion of the server’s RAM and CPU power and should be avoided when you try to spare your server’s resources as much as possible.

• install the ‘Collabora Online – Built-in CODE Server’ Nextcloud application. In this case, the Collabora Online Development Edition server gets installed like any Nextcloud application. However, if you choose this method, the program will be so slow that you won’t be able to use it for real work.

• compile Collabora Online from source by yourself and install it on your server without using Docker. This method used to work well on older versions of Debian. Unfortunately, on Debian 11 compiling Collabora Online successfully proves to be very difficult and if you try to run on Debian 11 Collabora Online compiled on older versions of Debian, it won’t work.

• install the native Linux packages for Debian 11, offered by Collabora Ltd here. This method is very straightforward and using it you will install and upgrade the Collabora Online Development Edition server like any native Debian application.

We recommend the fourth option and we describe it below.

First install apt-transport-https and ca-certificates , because they will be needed:

Then import the signing key:

Add the Collabora Online Development Edition repository to the list of repositories:

Add the following content inside this file:

Next, update the package lists and install Collabora Online Development Edition by running:

The command from above will install CODE together with the language packs for English, which will allow automatic spell checking for English. If you had wanted to install CODE together with the language packs for French, you would have run:

If you had wanted to install CODE together with the language packs for German, you would have run:

26.7.1.1. Obtain a Let’s Encrypt SSL certificate

To obtain a Let’s Encrypt SSL certificate for office. example.com , first edit the Nginx server blocks configuration file:

Create a temporary server block for office. example.com , by adding the following lines:

Now edit your DNS settings. Add an A entry and an AAAA entry for office. example.com . These entries are similar with the entries for cloud. example.com . It’s just that instead of cloud you use office . Wait a few minutes until the DNS changes propagate.

Next, you can obtain a Let’s Encrypt certificate for office. example.com by running:

26.7.1.2. Configure Nginx for Collabora Online

Then open the /etc/nginx/sites-enabled/0-conf file:

Replace the temporary server block for office. example.com with the following server block, in order to allow Nginx to serve the site over SSL:

Create the access log directory:

26.7.1.3. Configure logrotate to rotate Collabora Online logs

To configure logrotate to rotate the new logs that will be created, run:

Add the following blocks at the bottom of the file:

Create the directory for the coolwsd log file and set the right ownership for it and for the new log file:

26.7.1.4. Configure Collabora Online web socket daemon ( coolwsd )

First make a copy of the original configuration file:

Open the configuration file:

In the <logging> section, edit the following lines, to make them look as follows:

In the <net desc=»Network settings»> section edit the following line, like this:

In the <welcome> section, edit the following line, to make it look like this:

In the <storage desc=»Backend storage»> section, make sure you have the following lines:

where cloud\.example\.com is the domain that you use to serve Nextcloud.

Finally, in the <admin_console desc=»Web admin console settings.»> section, enter your username and password for the admin console, like this:

Before restarting coolwsd and Nginx, you should enable SSL encryption for coolwsd , as described below.

26.7.1.4.1 Enable SSL encryption for coolwsd

To enable SSL encryption between ‘Collabora Online web socket daemon’ ( coolwsd ) and the network, you will need to copy the SSL certificate files for office. example.com from the /etc/letsencrypt/live/office. example.com directory to the /etc/coolwsd directory, because coolwsd will refuse to read them in their default location. You can create a small script to automatically copy these files to the proper location, once per week:

Add the following content inside this file:

Change permissions for this script:

Add a cronjob to run the script once every Monday:

Add the following lines at the end of the file:

Run the script manually once, to copy the SSL certificate files to the proper location:

Set the proper ownership for /opt/cool and /opt/collaboraoffice :

Now you can restart coolwsd :

Restart also Nginx, so that all the changes made previously can take effect:

26.7.1.5. Install the ‘Office Online integration’ app in Nextcloud

Please note that in order to connect Nextcloud to the CODE server that you have just installed, you need to install the ‘Office Online integration’ app in Nextcloud, and not the ‘Nextcloud Office’ app, which contains a bug that doesn’t allow 2 or more users to open the same odt or odp file simultaneously.

To install the ‘Office Online integration’ app click on the user icon in the upper right corner of Nexcloud, click on ‘Apps’, then use the search box on the upper bar to search for ‘Office Online integration’ and install it. Then click on ‘Settings’, on the left panel, under ‘Administration’ click on ‘Office Online’, then, in the ‘URL (and Port) of Office Online server’ field enter the URL of the server you have just setup, namely: https://office. example.com :9980 , and click ‘Save’.

From now on, when you will click on an odt, ods, odp, odg, rtf, docx, doc, xlsx, xls, pptx or ppt file stored in a Nextcloud folder, the file will be opened by Collabora Online Development Edition and you will be able to edit and save it, as if it were stored on your local computer.

If you share such office document with other Nextcloud users, they will be able to open and edit the document simultaneously. You can save open documents in their own format or as pdf, rtf, epub/csv files. When they are closed, documents are saved automatically.

If you want to enable automatic spell checking for English (USA) in a specific odt file, click on the hamburger button in the upper left corner > ‘Tools’ > ‘Language’ > ‘For All Text’ > ‘English (USA)’, like below:

Once you do that, the language of the entire document will be set to English (USA) and all the misspelled words will be underlined with red. This assumes that you have installed CODE together with the language packs for English, as explained earlier. For ods files, automatic spell checking is enabled in a similar manner. If you close the document, the language settings will be remembered.

If you want to see the CODE menus in a specific language, you have to change your Nextcloud language by clicking on the user icon in the upper right corner > ‘Settings’ > then clicking on ‘Personal info’ on the left sidebar, then choosing your language from the ‘Language’ drop-down menu.

For security reasons, running macros in documents opened with CODE is disabled by default. However, you can enable running macros by following these steps:

– open the /etc/coolwsd/coolwsd.xml configuration file:

– in the <security desc=»Altering these defaults potentially opens you to significant risk»> section, change the enable_macros_execution line, to make it look like this:

– then, when you open a file with CODE, click on the hamburger button in the upper left corner > ‘Tools’ > ‘Run Macro…’ > choose the macro that you want to run and click ‘Run’.

Please note that older versions of Collabora Online Development Edition displayed a pop-up warning when more than 10 documents or 20 connections were in use simultaneously, although the server allowed opening additional documents. This warning has been removed in recent CODE versions.

The administration console which provides information about the number of documents opened, the number of users connected, memory usage, etc., can be accessed at the following URL:

https://office. example.com /browser/dist/admin/admin.html

You will have to enter the username and password set up earlier in the /etc/coolwsd/coolwsd.xml file. Once you log in, you will see the Overview screen:

In the latest Nextcloud versions, when you open odt, ods, odp, docx, xlsx, pptx, etc. files with Collabora Online, you will notice that the bottom bar containing the search box, the language drop-down list, the zoom level indicator, etc., will be pushed downwards and will not be visible because of an extra black header bar added at the top:

To correct this issue, you can make a small CSS modification using the ‘Custom CSS’ app.

To install the ‘Custom CSS’ app, click on the profile picture in the upper right corner, then on ‘Apps’, then enter ‘Custom CSS’ in the search box on the Nextcloud upper bar. When you find the ‘Custom CSS’ app click on the ‘Download and enable’ button to install it. Once the app is installed, click again on the profile picture, then on ‘Settings’, then, on the left panel, under ‘Administration’, click on ‘Theming’ and scroll to the bottom of the page. There, in the ‘Custom CSS’ text area enter:

Click the ‘Save’ button. From now on, the bottom bar of the documents opened with Collabora Online will be visible:

26.7.1.6. Configure Fail2ban to protect Collabora Online administration console against brute-force attacks

Navigate to the /etc/fail2ban/filter.d directory:

Create a file called cooladmin.conf :

Add the following content inside this file:

Next, open the /etc/fail2ban/jail.local file:

Add the following block below the [phpmyadmin] block:

26.7.1.7. Stop automatic updates for Collabora Online

Once you install Collabora Online Development Edition as described above and verify that everything works as expected, you should prevent Collabora Online from being updated together with other native Debian packages, when new versions become available and you run apt-get upgrade or apt-get dist-upgrade . This is because CODE, Nextcloud itself and many Nextcloud apps are notorious for having versions which work flawlessly for years and then, all of a sudden, a simple upgrade to a new version breaks essential functionalities, generates errors and blocks your activities for days or weeks, until you find a solution, like downgrading Nextcloud, downgrading the app, reporting the bug and waiting for a fix, searching for workarounds, etc. In order to avoid this kind of situations, we recommend that you disable automatic updates for CODE. CODE should be upgraded together with Debian itself, once every 2 years. The same is true for Nextcloud and Asterisk: they should be also upgraded only once every 2 years, after upgrading Debian. The only exceptions to this general rule should be the cases in which critical security vulnerabilities will be discovered and you will need to install newer versions sooner, to apply the fixes. To find out if and when critical security vulnerabilities are discovered for CODE, you can check web pages like this periodically, or you can subscribe to our ‘Updates Newsletter’. Subscribers get an email each time a security vulnerability that needs to be fixed urgently by an upgrade is discovered for CODE, or for any other application that is part of RED SCARF Suite.

Open the /etc/apt/sources.list.d/collaboraonline.sources file:

Comment out all the lines, to disable them, like this:

Update the package lists:

From now on, when you will run apt-get update followed by apt-get dist-upgrade , CODE won’t be updated, even if newer versions will be available.

26.7.1.8. Upgrading Collabora Online

As stated above, you should only update/upgrade Collabora Online Development Edition once every 2 years, when you upgrade Debian.

Before upgrading CODE to the last version available for the current Debian stable, it’s recommended to check if the new CODE version has been tested and verified to function well and as a result it has been included on the list of applications on this page.

To upgrade CODE to the last version found in the official Collabora Online repository available at https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-debian X , where X is the version number of Debian, first open the /etc/apt/sources.list.d/collaboraonline.sources file:

Then uncomment all the lines, to make them look like this:

Replace X with the number of the current stable version of Debian.

Then update the package lists:

Next, upgrade all the packages with newer versions, including CODE, by running:

After the upgrade is finished, don’t forget to disable automatic updates again:

Comment out all the lines, to make them look like this:

Then, update the package lists:

26.7.2. Install SIP Trip Phone

SIP Trip Phone is a browser phone that uses SIP over WebSocket and WebRTC. It connects to SIP providers via Asterisk or directly.

It can be used in conjunction with Asterisk, to benefit from the control, autonomy and advanced PBX features offered by Asterisk, but also without Asterisk, if you connect it directly to the SIP provider (this implies that the SIP provider allows direct connections from web applications that use SIP over WebSocket). For calls to and from regular phone numbers, a SIP provider like Telnyx or Localphone is needed and a real phone number acquired from that SIP provider. If Asterisk is used, it’s recommended to be Asterisk version 18.0.0 LTS and it has to be installed on a VPS or dedicated server.

SIP Trip Phone allows making and receiving phone calls to/from any mobile or landline phone, at lower rates than with regular phones. It allows making cheap international phone calls from phone numbers located in the same country as the receivers. The receivers will also be able to call those numbers and pay as for local calls. It is known that VoIP phone calls are up to 70% cheaper than regular phone calls. International VoIP phone calls can cost even 90% less than regular phone calls. If Asterisk is used, SIP Trip Phone allows making free calls over the Internet between extensions configured on the underlying Asterisk server. It logs recent phone calls and their duration and allows pausing, muting and transferring phone calls. On the underlying Asterisk server you can implement an IVR (Interactive Voice Response) and many advanced PBX features such as voicemail, queue management, music on hold, number blacklisting, call recording, audio conference calls, etc.

First, we’ll explain how to connect SIP Trip Phone directly to a SIP provider like Telnyx (Localphone doesn’t allow direct connections from web applications using SIP over WebSocket), then we’ll describe how to connect SIP Trip Phone to a SIP provider like Telnyx and Localphone via Asterisk.

26.7.2.1. Install SIP Trip Phone and connect it directly to Telnyx

SIP Trip Phone can be installed like any other Nextcloud application: click on the profile picture from the upper right corner > Apps > search for ‘SIP Trip Phone’ using the search box on the upper bar > click ‘Download and install’. You will be able to start SIP Trip Phone only after you fill in the required fields on its Settings page, as explained below.

26.7.2.1.1. Configure your Telnyx account

After you sign up for a Telnyx account click on the ‘My Account’ icon in the upper right corner of the screen, then click on ‘My Account’, click the ‘Account Level’ tab and take the steps to undergo verification, so that you become ‘Level 1’ and ‘Level 2’ verified. ‘Level 1’ verification usually requires verifying the email address you used to create your Telnyx account, by clicking a link included in a message sent to that email address. ‘Level 2’ verification can be requested by pressing the ‘Verify’ button in the ‘Level 2 Verification’ section (on the ‘Verifications’ tab). After you make your request for ‘Level 2’ verification, a representative from Telnyx will look at your account details and (s)he may send you an email asking about the way you plan to use your Telnyx account, after which (s)he will approve the ‘Level 2’ verification. Being ‘Level 1’ and ‘Level 2’ verified unlocks all the features of a Telnyx account: you can buy numbers, assign a connection/messaging profile to a number, set up global messaging capabilities, create a multi-user organization, make international calls, set up call forwarding, send SMS messages at a higher rate.

While logged in to your Telnyx account, click on ‘Numbers’, ‘My Numbers’ on the left panel. To buy a real phone number located in a country of your choice click on the ‘Search & Buy Numbers’ tab, then under ‘Local Numbers’, in the ‘Search Type’ select ‘Region’, in the ‘Region’ text field enter the name of the country, in the ‘Number Features’ select ‘Voice’, then, if you want your number to have other capabilities select other features such as ‘SMS’ from the drop-down list, then click on the ‘Search Numbers’ button. You will see a list with all the numbers available in the selected region. Choose the number that you like, click ‘Add to Cart’, then click on ‘Cart’ on the upper bar, then click on the ‘Place Order’ button.

After you have bought a local phone number click on ‘Numbers’, ‘My Numbers’ on the left panel; on the ‘My Numbers’ tab you will see your number in the list of acquired phone numbers.

Then click on ‘Voice’, ‘SIP Trunking’ on the left panel. On the ‘SIP Connections’ tab click on the ‘Add SIP Connection’ button, in the ‘Name’ field enter the name of the new SIP connection, for example SIP_Trip_Phone , then click on ‘Create SIP Connection’. After you create the new connection click on the small pencil icon to open the options window. On the options window, on the ‘BASIC’ tab, under ‘SIP Connection Type’ choose ‘Credentials’, then in the ‘Username’ field enter a username for this connection, siptripphoneuser for example, in the ‘Password’ field enter a strong password; write down the username and password to use them later. Next, under ‘AnchorSite’ choose a town that is closer to the physical location of your server, then, under ‘Expert Settings’, from the ‘Port’ drop-down list choose ‘rtcp-mux’. Next, click on the ‘INBOUND’ tab and in the ‘Destination Number Format (DNIS)’ drop-down list choose ‘SIP Username’. (The last 2 settings are extremely important. If you connect SIP Trip Phone to Telnyx via Asterisk, the last 2 settings will be different, namely ‘Port’: ‘rtp+1’ and ‘Destination Number Format (DNIS)’: ‘E.164’.) Leave all the other settings as they are and click on the ‘Save All Changes’ button.

To be able to make phone calls you will also need to configure an Outbound Voice Profile. On the left panel click on ‘Voice’, ‘Outbound Voice Profiles’, then click on the ‘Add New Profile’ button. In the ‘Name’ field enter a name for the profile, 1_outbound for example, then click ‘Create’. In the new window, under ‘Associated Connections and Applications’ click ‘Add connections/apps to profile’, select the name of the SIP connection created earlier, SIP_Trip_Phone in this example, by checking its checkbox, then click ‘Add Connections/Apps to profile’. Next, under ‘Traffic Type’ choose ‘Conversational’, then under ‘International Allowed Destinations’ select the countries and regions to which outbound calls will be allowed, by clicking their name. You can select all the 253 countries and regions, to allow outbound calls to all of them. Click on ‘Save’ to save the changes.

Next, create a Billing Group. Click on the ‘My Account’ icon in the upper right corner of the screen, then click on ‘Billing Overview’, then on the ‘Billing Groups’ tab. In the ‘Create Billing Group’ field enter a name, Default_Billing for example, then click on ‘Create’. Then add the billing group to your phone number: click on ‘Numbers’, ‘My Numbers’ on the left panel, then on your number’s row, in the ‘Billing Group’ field select the billing group that you have just created, Default_Billing in this example. Also, in the ‘Connection or App’ field on the same row, choose the connection created earlier, SIP_Trip_Phone in this example.

26.7.2.1.2. Configure the web server

Taking into account that cloud. example.com is the subdomain used to serve Nextcloud, to connect SIP Trip Phone directly to a Telnyx account, the server blocks configuration file of Nginx, /etc/nginx/sites-enabled/0-conf , should contain the following blocks:

Even if we don’t recommend using a subdirectory to serve Nextcloud, we explain here how you can use a subdirectory like example.com /nextcloud to serve Nextcloud and its applications, including SIP Trip Phone. Also, even if we don’t recommend using Apache as a web server, we explain here how Apache can be configured to serve Nextcloud on a subdomain or on a subdirectory.

26.7.2.1.3. Configure SIP Trip Phone

To configure SIP Trip Phone click on the profile picture in the upper right corner, click on ‘Settings’, then on the left sidebar, under ‘Personal’, click ‘SIP Trip Phone’. The credentials that have to be entered should look like this:

In the Display Name field you should enter the phone number that you have just configured in your Telnyx account, preceded by the country calling code: 49 for Germany, 33 for France, 44 for UK, 1 for USA, etc. So, if the number is 1212121212 and is located in Germany, the ‘Display Name’ should be 491212121212.

In the SIP User field enter the username for the SIP connection that you associated with your phone number in your Telnyx account, siptripphoneuser in this example. In the SIP User Password field enter the password for siptripphoneuser .

In the WSS URL field enter wss://sip.telnyx.com:7443

In the SIP Realm field enter sip.telnyx.com

In the STUN Server domain or IPv4 address, followed by port number field enter stun.telnyx.com:3478

Click ‘Save’ to save these settings.

26.7.2.2. Install SIP Trip Phone and connect it to Telnyx or Localphone via Asterisk

SIP Trip Phone can be installed like any other Nextcloud application: click on the profile picture from the upper right corner > Apps > search for ‘SIP Trip Phone’ using the search box on the upper bar > click ‘Download and install’. You will be able to start SIP Trip Phone only after you fill in the required fields on its Settings page, as explained below.

26.7.2.2.1. Install Asterisk and Coturn

Asterisk should be installed and configured as explained in detail in the Install Asterisk chapter.

To help in situations where callers are behind routers, install Coturn as a STUN server, as explained in the Install Coturn chapter.

26.7.2.2.2. Configure a Telnyx account

After you sign up for a Telnyx account click on the ‘My Account’ icon in the upper right corner of the screen, then click on ‘My Account’, click the ‘Account Level’ tab and take the steps to undergo verification, so that you become ‘Level 1’ and ‘Level 2’ verified. ‘Level 1’ verification usually requires verifying the email address you used to create your Telnyx account, by clicking a link included in a message sent to that email address. ‘Level 2’ verification can be requested by pressing the ‘Verify’ button in the ‘Level 2 Verification’ section (on the ‘Account Level’ tab). After you make your request for ‘Level 2’ verification, a representative from Telnyx will look at your account details and (s)he may send you an email asking about the way you plan to use your Telnyx account, after which (s)he will approve the ‘Level 2’ verification. Being ‘Level 1’ and ‘Level 2’ verified unlocks all the features of a Telnyx account: you can buy numbers, assign a connection/messaging profile to a number, set up global messaging capabilities, create a multi-user organization, make international calls, set up call forwarding, send SMS messages at a higher rate.

While logged in to your Telnyx account, click on ‘Numbers’, ‘My Numbers’ on the left panel. To buy a real phone number located in a country of your choice click on the ‘Search & Buy Numbers’ tab, then under ‘Local Numbers’, in the ‘Search Type’ select ‘Region’, in the ‘Region’ text field enter the name of the country, in the ‘Number Features’ select ‘Voice’, then, if you want your number to have other capabilities select other features such as ‘SMS’ from the drop-down list, then click on the ‘Search Numbers’ button. You will see a list with all the numbers available in the selected region. Choose the number that you like, click ‘Add to Cart’, then click on ‘Cart’ on the upper bar, then click on the ‘Place Order’ button.

After you have bought a local phone number click on ‘Numbers’, ‘My Numbers’ on the left panel; on the ‘My Numbers’ tab you will see your number in the list of acquired phone numbers.

Then click on ‘Voice’, ‘SIP Trunking’ on the left panel. On the ‘SIP Connections’ tab click on the ‘Add SIP Connection’ button, in the ‘Name’ field enter the name of the new SIP connection, for example SIP_Trip_Phone , then click on ‘Create SIP Connection’. After you create the new connection click on the small pencil icon to open the options window. On the options window, on the ‘BASIC’ tab, under ‘SIP Connection Type’ choose ‘Credentials’, then in the ‘Username’ field enter a username for this connection, siptripphoneuser for example, in the ‘Password’ field enter a strong password; write down the username and password to use them later. Next, under ‘AnchorSite’ choose a town that is closer to the physical location of your server, then, under ‘Expert Settings’, in the ‘Port’ drop-down list choose ‘rtp+1’. Next, click on the ‘INBOUND’ tab and in the ‘Destination Number Format (DNIS)’ drop-down list choose ‘E.164’. (The last 2 settings are extremely important. If you connect SIP Trip Phone to Telnyx directly, the last 2 settings will be different, namely ‘Port’: ‘rtcp-mux’ and ‘Destination Number Format (DNIS)’: ‘SIP Username’.) Leave all the other settings as they are and click on the ‘Save All Changes’ button.

To be able to make phone calls you will also need to configure an Outbound Voice Profile. On the left panel click on ‘Voice’, ‘Outbound Voice Profiles’, then click on the ‘Add New Profile’ button. In the ‘Name’ field enter a name for the profile, 1_outbound for example, then click ‘Create’. In the new window, under ‘Associated Connections and Applications’ click ‘Add connections/apps to profile’, select the name of the SIP connection created earlier, SIP_Trip_Phone in this example, by checking its checkbox, then click ‘Add Connections/Apps to profile’. Next, under ‘Traffic Type’ choose ‘Conversational’, then under ‘International Allowed Destinations’ select the countries and regions to which outbound calls will be allowed, by clicking their name. You can select all the 253 countries and regions, to allow outbound calls to all of them. Click on ‘Save’ to save the changes.

Next, create a Billing Group. Click on the ‘My Account’ icon in the upper right corner of the screen, then click on ‘Billing Overview’, then on the ‘Billing Groups’ tab. In the ‘Create Billing Group’ field enter a name, Default_Billing for example, then click on ‘Create’. Then add the billing group to your phone number: click on ‘Numbers’, ‘My Numbers’ on the left panel, then on your number’s row, in the ‘Billing Group’ field select the billing group that you have just created, Default_Billing in this example. Also, in the ‘Connection or App’ field on the same row, choose the connection created earlier, SIP_Trip_Phone in this example.

26.7.2.2.3. Configure a Localphone account

After you sign up for a Localphone account at https://www.localphone.com/register, log in to your account and click on the ‘Internet Phone’ tab, then click on ‘Manage this account’ next to your SIP ID. On the next screen, under ‘Call from your own VoIP device’ you will find your ‘SIP ID’, ‘SIP Password’ and ‘Server’ that you’ll need to configure Asterisk, so write them down.

To buy a real phone number located in a country of your choice, first click on the ‘Incoming Numbers’ tab, then under ‘Get more Incoming Numbers’ select the country where you want your new phone number to be located, then click on ‘Continue’; you will see a list with the towns or states of the selected country, and you will have to choose in which town or state you want your number to be located; click on ‘Select’ or ‘View Locations’, then click on ‘Purchase’ or on ‘Select’ then ‘Purchase’.

Please note that for some countries, like Germany, to be able to buy a local number, you have to be a resident of that country. When selecting a number located in a town of such a country, you will have to send the copy of a bill or of an ID card showing that you are a resident of that country.

After you have bought a local phone number, click on the ‘Incoming Numbers’ tab, then, under ‘Your Incoming Numbers’, click on the ‘Manage Number’ link next to the local number. Then, under ‘Forward incoming calls’, click on ‘Forward calls to a SIP URI (advanced)’ and in the text box displayed below enter:

sip: 8611 @ 123.123.123.123 : 5827

where 8611 is the name of the extension configured in Asterisk, where you want all the incoming calls to be forwarded by Localphone, 123.123.123.123 is the public IP of your server, and 5827 is the custom Asterisk port that you have set up when installing Asterisk. Then click on ‘Update’. With these settings in place, all the calls to your newly acquired local phone number will be forwarded by Localphone to your Asterisk server, to extension 8611 .

If you acquire more than one real phone number from Localphone, you can configure the other numbers in a similar way. You can forward the calls from all the real phone numbers to the same extension, 8611 , or you can forward the calls from each number to a different extension. So, you forward the calls from the first phone number to 8611 , the calls from the second phone number to 8612 , the calls from the third phone number to 8613 , etc.

26.7.2.2.4. Configure the web server

Taking into account that cloud. example.com is the subdomain used to serve Nextcloud, to connect SIP Trip Phone to Telnyx or Localphone via Asterisk, the server blocks configuration file of Nginx, /etc/nginx/sites-enabled/0-conf , should contain the following blocks:

Even if we don’t recommend using a subdirectory to serve Nextcloud, we explain here how you can use a subdirectory like example.com /nextcloud to serve Nextcloud and its applications, including SIP Trip Phone. Also, even if we don’t recommend using Apache as a web server, we explain here how Apache can be configured to serve Nextcloud on a subdomain or on a subdirectory.

26.7.2.2.5. Configure SIP Trip Phone

Click on the profile picture > Settings > then, on the left sidebar, under ‘Personal’ click ‘SIP Trip Phone’. The credentials that have to be entered should look similar to the following:

– in the Display Name field enter your name or a nickname;

– in the SIP user field enter the extension configured on the Asterisk server that you want to use (Eg: 601);

– in the SIP User Password enter the password for that Asterisk extension (set up in the /etc/asterisk/pjsip.conf file);

– in the WSS URL field enter wss://cloud. example.com :8089/ws ;

– in the SIP Realm field enter the IPv4 address of your server, eg. 123.123.123.123 ;

– in the STUN Server domain or IPv4 address, followed by port number field enter 123.123.123.123 :8443 , where 123.123.123.123 is the IP of your server, then click ‘Save’;

If Nginx, Asterisk and Coturn are properly configured as described in the above mentioned chapters, and you have completed the required fields on the application’s Settings page as explained above, to start SIP Trip Phone, all you need to do is to click on its icon on the upper bar. The browser will warn you about opening a pop-up window. Accept opening the pop-up window and then you will be asked for permission to allow the application to access your microphone. Click ‘Allow’. (When you log in to Nextcloud, you also see a message on the upper bar asking if you allow notifications from the domain of your Nextcloud installation. You should click ‘Allow’ in order to see on-screen notifications when you receive new calls.) The phone’s pop-up window will look like this:

If you click on the ‘Show Keypad’ button in the upper left corner, the keypad will show up:

26.7.2.3. Making calls with SIP Trip Phone

To make a call, use the keypad to enter the number and press ‘Call’, or use the keyboard of your computer to enter the number in the number field, then press Enter.

If you want to make a call to one of the extensions of your own company/organization, just call that extension (601, 602, 603, etc.). As explained before, the number of an internal extension can be of any length, although, for simplicity, they are in general made up of 3 digits.

If you want to call a number outside your company/organization, don’t forget to place a 9 in front of the phone number if you want to make calls using Telnyx, or an 8 if you want to make calls using Localphone (as per the settings made in Asterisk explained earlier). Also, the 9 or 8 have to be followed by the country calling code, and only afterwards by the recipient’s number. For example, if you want to call the German number 1212121212 using Telnyx, you’ll have to call:

where 49 is the country calling code for Germany.

26.7.2.4. Receiving calls with SIP Trip Phone

To receive calls with SIP Trip Phone just leave the phone’s window open. You can also minimize it. All incoming calls will be announced in 3 different ways:

1) SIP Trip Phone will generate the classic intermittent ringing sound. You can hear it in your headphones, earphones or computer speakers.

2) System notifications will appear in the upper right or lower right corner of the screen, with the message: ‘New incoming call !’

3) The title of the window will blink, showing the message: ‘New call . ’.

Given these signals, even if you don’t have your headphones close to your ears to hear the ringing, you can still notice the system notifications or the blinking title. The three signals make new calls hard to miss. Even if you miss a call, you’ll see the number of the caller in the recent calls log, in the application’s window (if you haven’t closed the window).

Please note that if you leave the phone’s window open (possibly minimized), even if you log out of Nextcloud, the phone will remain connected to Asterisk and will be perfectly functional, allowing you to receive and make phone calls.

26.7.2.5. SIP Trip Phone workflow

Please note that any individual user will have to enter their own credentials on the settings page: by clicking on the profile picture from the upper right corner > ‘Settings’ > then in the left panel, under ‘Personal’, by clicking ‘SIP Trip Phone’. They can’t use the phone if they don’t have their own extension configured in Asterisk and if they don’t enter their credentials in SIP Trip Phone’s settings.

The admin can restrict the use of the application to certain user groups by clicking on the profile picture in the upper right corner > ‘Apps’, then by clicking on ‘SIP Trip Phone’ in the list of apps, then by checking the ‘Limit to groups’ checkbox, then entering the name of the group whose members will be allowed to use the application.

26.7.2.6. Disable the microphone indicator in Firefox

By default, when a web page requests access to the computer’s microphone or webcam and the user grants access, a microphone/webcam indicator icon is displayed at the top of the screen until that web page is closed. If you want to disable this microphone/webcam indicator when using SIP Trip Phone and in other similar situations, follow these steps:

– In Firefox, go to ‘Help’ > ‘Troubleshooting Information’ and find the directory listed in ‘Profile Directory’. For Debian 11, this is /root/.mozilla/firefox/oikqae27.default-esr

– In the ‘Profile Directory’ create the chrome directory ( /root/.mozilla/firefox/oikqae27.default-esr/chrome )

– In the chrome directory create the file userChrome.css file with the following content:

– Type about:config in the address bar of Firefox, press Enter, click ‘I accept the risk’, then search for:

Double-click it to change its value from false to true .

26.7.2.7. Upgrading SIP Trip Phone

SIP Trip Phone can be upgraded like any other Nextcloud application. If you click on the profile picture, then on Apps, and you see that SIP Trip Phone has an active ‘Update’ button, click on it and the new version will be installed.

26.7.3. Install SMS Relentless

SMS Relentless connects to a ‘telnyx.com’, ‘plivo.com’, ‘twilio.com’ or ‘flowroute.com’ account to send and receive SMS/MMS messages. It needs at least one SMS enabled phone number acquired from Telnyx, Plivo, Twilio or Flowroute. It allows sending and receiving SMS/MMS messages from a browser, using one or multiple phone numbers located in a country chosen by the user. The numbers can be acquired from either of the 4 providers or from all. Users can send individual SMS/MMS messages to any SMS/MMS enabled phone numbers in the world, they can send messages to multiple recipients by uploading ‘csv’ or ‘txt’ files containig the target phone numbers, they receive delivery receipts for sent messages, they receive Nextcloud notifications and can also receive email notifications when new messages arrive, they can list all the sent and received messages in paginated tables, filter all the messages by any table column, archive messages older than a specified number of days before deleting them, so that they become available for future viewing and analysis, list current balance and current phone numbers, set alphanumeric sequences as Sender IDs for sent messages, etc.

For SMS Relentless to work correctly, the well-known ‘libcurl’ PHP library has to be installed on the server (it’s usually installed automatically when PHP is installed), and the logtimezone parameter has to be included in the Nextcloud configuration file, like this:

Replace Europe/Berlin with your own timezone. Accepted timezones can be found here.

Before explainig how to install and configure SMS Relentless, we’ll describe how to buy a real phone number from Telnyx/Plivo/Twilio/Flowroute and configure it for SMS messaging.

26.7.3.1. Acquire a phone number from Telnyx and configure it for SMS messaging

After you sign up for a Telnyx account here and log in to your account here, the first thing to do is to click on the ‘My Account’ icon in the upper right corner of the screen, then click on ‘My Account’, click on the ‘Account Level’ tab and then take the steps to undergo verification, to become ‘Level 1’ and ‘Level 2’ verified. ‘Level 1’ verification usually requires verifying the email address you used to create your Telnyx account, by clicking a link included in a message sent to that email address. ‘Level 2’ verification can be requested by pressing the ‘Verify’ button in the ‘Level 2 Verification’ section (on the ‘Account Level’ tab). After you make your request for ‘Level 2’ verification, a representative from Telnyx will look at your account details and (s)he may send you an email asking about the way you plan to use your Telnyx account, after which (s)he will approve the ‘Level 2’ verification. Being ‘Level 1’ and ‘Level 2’ verified unlocks all the features of a Telnyx account: you can buy numbers, assign a connection/messaging profile to a number, set up global messaging capabilities, create a multi-user organization, make international calls, set up call forwarding, send SMS messages at a higher rate.

While logged in to your telnyx.com account, click on ‘Numbers’, ‘My Numbers’ on the left panel. To buy a real phone number located in a country of your choice click on the ‘Search & Buy Numbers’ tab, then under ‘Local Numbers’, in the ‘Search Type’ select ‘Region’, in the ‘Region’ text field enter the name of the country, in the ‘Number Features’ select ‘Voice’, then, if you want your number to have other capabilities select other features such as ‘SMS’ from the drop-down list, then click on the ‘Search Numbers’ button. You will see a list with all the numbers available in the selected region. Choose the number that you like, click ‘Add to Cart’, then click on ‘Cart’ on the upper bar, then click on the ‘Place Order’ button.

After you have bought a local phone number click on ‘Numbers’, ‘My Numbers’ on the left panel; on the ‘My Numbers’ tab you will see your number in the list of acquired phone numbers.

Then create a new messaging profile: click on ‘Messaging’, ‘Programmable Messaging’ on the left panel, then click the ‘Add new profile’ button, then enter a name for the new messaging profile in the ‘Profile Name’ field, then click the ‘Save’ button. To associate the new messaging profile with the phone number that you have just bought, click on ‘Numbers’, ‘My Numbers’ on the left panel, then, on the row of the phone number, on the ‘Messaging Profile’ column, click on the drop-down list and select the name of the messaging profile that you have just created. When you assign a messaging profile to a phone number, a $0.10 fee will be added to the monthly recurring charge for that phone number. Therefore, if the phone number costs $1.00 per month, after you assign a messaging profile to it and by doing so you enable it to send and receive SMS messages, the monthly recurring charge for that number will be $1.10. The same messaging profile can be associated with multiple phone numbers.

Next, create a ‘Billing Group’. Click on the ‘My Account’ icon in the upper right corner of the screen, click on ‘Billing Overview’, then click on the ‘Billing Groups’ tab. In the ‘Create Billing Group’ field enter a name for the new billing group, then click on ‘Create’. Then add the billing group to your phone number: click on ‘Numbers’, ‘My Numbers’ on the left panel, then on your number’s row, in the ‘Billing Group’ field select the name of the billing group that you have just created.

26.7.3.2. Acquire a phone number from Plivo and configure it for SMS messaging

After you sign up for a Plivo account here and log in to your account here, to buy a phone number click on the pound sign (#) on the left hand vertical bar, then, on the left sidebar, under ‘Phone Numbers’, click on ‘Buy Numbers’. From the ‘Country’ drop-down list select the country where you want your number to be located. Under ‘Type’ check ‘Any’ and under ‘Capability’ check ‘Any’. If you know what prefix you want for your number, type the prefix in the ‘Number’ field, while having ‘Number’ selected from the ‘drop-down’ list. You can also choose ‘Location’ from that drop-down list, then type the name of the city or state you want your number to be located in. Click the ‘Search’ button to search for the available phone numbers, then pick a phone number that you like. The number should have at least ‘SMS’ specified on the ‘Capability’ column. To buy the number just click the ‘Buy Number’ button.

After you have bought a real phone from Plivo, click on ‘Your Numbers’ on the left sidebar, then, under ‘Number and Area’ click on your phone number. In the new window, from the ‘Application Type’ drop-down list choose ‘XML Application’ and from the ‘Plivo Application’ drop-down list choose ‘Inbound SMS Messages’, then click the ‘Update Number’ button. If during tests you try to send a message from a 10 digit number to itself, it won’t get through, since Plivo doesn’t allow sending SMS messages from a 10 digit number to itself.

26.7.3.3. Acquire a phone number from Twilio and configure it for SMS messaging

After you sign up for a Twilio account here, and log in to your account here, to buy a phone number click on ‘Phone Numbers’ on the left panel > ‘Manage’ > ‘Buy a number’. Then select the country where you want your phone number to located from the ‘Country’ drop down list, check the checkboxes for the capabilities that you want your number to have: Voice, SMS, MMS, Fax. Next, under ‘Search criteria’ you can select ‘Locality’, then enter the name of a state or city in the next textbox, then click the ‘Search’ button. If you click ‘Advanced Search’, you can add additional filters: local/mobile/toll-free number, (providing proof of) address requirements, etc. After you click the ‘Search’ button, all the available phone numbers will be listed, according to your filters. Choose one phone number and click the ‘Buy’ button. A pop up window will inform you about the number capabilities, etc. Click the ‘Buy …’ button again and you will be redirected to the payment page where you can pay with your debit/credit card. After purchase, the phone number will be listed on the active phone numbers page: on the left panel click ‘Phone Numbers’ > ‘Manage’ > ‘Active phone numbers’. If you click on the phone number you will go to the ‘Configure’ page for that number, where you can add the webhook URL for incoming messages, as explained in the Twilio Settings section from below.

To be able to send messages from a phone number that you have purchased as explained above, you will have to enable sending messages to the country/countries where the destination numbers are located. To enable sending messages to different countries, on the left panel, click on ‘Messaging’ > ‘Settings’ > ‘Geo permissions’. On the ‘Messaging Geographic Permissions’ page you can check each country to which you want to be able to send messages, or you can select whole continents by checking the ‘Enable all’ checkbox under each continent’s name.

You can also associate your number with a ‘Messaging Service’, either alone, or together with other numbers or Alphanumeric Sender IDs. A Messaging Service is a type of ‘bundling’ messaging functionalities around a set of senders. The same feature configuration applies to all the senders (long code numbers, short codes, toll-free numbers, Alphanumeric Sender IDs, etc.) in the same Messaging Service pool. To create a Messaging Service and associate a number with it, on the left panel, click on ‘Messaging’ > ‘Services’, then click the ‘Create Messaging Service’ button, enter a name for the new Messaging Service in the ‘Messaging Service friendly name’ field, then select the general purpose for the Messaging Service under ‘Select what you want to use Messaging for’ (‘Notify users’, ‘Market services’, ‘Verify users’, ‘Engage in a discussion’, ‘Poll and survey users’, or you can select ‘Not listed here’). After you click ‘Create Messaging Service’, you will see the ‘Sender Pool’ page. There, when you will click the ‘Add Senders’ button, a pop up window will open. Under ‘Sender Type’ you will select any of ‘Phone Number’, ‘Short Code’, ‘Alpha Sender’, etc. If you select ‘Phone Number’ and click ‘Continue’, you will be able to add any of your active phone numbers to the new Messaging Service, then, on the ‘Integration’ page you will be able to configure the behavior for incoming messages, delivery status webhook and queue time limit. There are also the ‘Content Settings’, ‘A2P & Compliance’ and ‘Opt-Out Management’ sections, where you can find different useful options.

If during tests you try to send a message from a 10 digit number to itself, it won’t get through, since Twilio doesn’t allow sending SMS messages from a 10 digit number to itself.

26.7.3.4. Acquire a phone number from Flowroute and configure it for SMS messaging

After you sign up for a Flowroute account here, and log in to your account here, first you will be prompted to enter your address and to add funds to your new account. You can use a debit/credit card to add funds (the minimum amount accepted is $40). You can always update your address by clicking on ‘Preferences’ on the left panel and then on the ‘Account Information’ tab.

Before buying a phone number, you may want to click on ‘Preferences’ on the left panel, then click on the ‘Features’ tab, then turn off the ‘CNAM Lookups by Default’ switch, to avoid incurring additional fees for CNAM lookups for the newly purchased numbers.

It’s important to note that Flowroute only supports sending/receiving SMS/MMS messages within USA and Canada (and it doesn’t support Alphanumeric Sender IDs). Therefore, if you want to buy an SMS/MMS enabled phone number, you can only choose one located in USA or Canada and you can use it to send and receive messages only to and from USA and Canada. (On the other hand, Flowroute offers voice enabled phone numbers in 160 countries.)

To buy a phone number click on ‘DIDS’ on the left panel, then click on the ‘Purchase’ tab. On the ‘DID Purchase’ page you can use the filters on the left panel to search for the available phone numbers in the country/state of your choice. Once you see the list of available phone numbers, you can choose a number and click the ‘Purchase’ button next to it. A pop up message will ask if you want to send/receive SMS/MMS messages on the chosen number. Click ‘Yes’ and the number will be added to the list of purchased numbers that you can see by clicking on the ‘Manage’ tab.

The next step is to enable the latest messaging API version by clicking on ‘Preferences’ on the left panel, then clicking on the ‘API Control’ tab, then scrolling down to the ‘SMS Webhook Version’ and choosing ‘v2.1’, since this is the latest stable version of the messaging API.

To be able to send/receive messages, you will have to also create a pair of API keys and add the webhook URL for receiving messages on the same ‘API Control’ tab, as explained in the Flowroute Settings section from below.

26.7.3.5. Install and configure SMS Relentless

You can install SMS Relentless like any other Nextcloud application. Click on the profile picture from the upper right corner > Apps > search for ‘SMS Relentless’ using the search box on the upper bar > click ‘Download and install’. Next, configure SMS Relentless by clicking on the profile picture > Settings > then, on the left panel under ‘Personal’ click ‘SMS Relentless’. In the settings fields, you can fill in your credentials from Telnyx if you want to use Telnyx as SMS service provider, or you can fill in your credentials from Plivo if you want to use Plivo. Of course, if you have bought phone numbers from both providers and you want to use both, fill in the credentials for both. Fill in the settings fields as follows:

Telnyx Settings

– in the Telnyx API Secret Key field enter your Telnyx API Key: log in to Telnyx, then, on the ‘Home’ page, in the ‘API Keys’ section from the upper right corner, click on ‘Manage Keys’. If you already have an API key, just copy it by clicking the ‘Copy to clipboard’ icon. Otherwise, to create an API key, click the ‘Create API Key’ button, on the pop up message click ‘Create’, then copy the Key and enter it in the Telnyx API Secret Key field.

– in the Telnyx Account Public Key field enter the public key necessary to verify the signature of the incoming SMS messages: while logged in to Telnyx, on the ‘Home’ page, in the ‘API Keys’ section from the upper right corner, click on ‘Manage Keys’, then click on ‘Public Key’ on the upper bar, then copy the key from the ‘Key’ field and enter it in the Telnyx Account Public Key field.

– in the Messaging Profile ID enter the messaging profile ID that you will be using (you can have multiple phone numbers associated with the same messaging profile ID): while logged in to Telnyx, click on ‘Messaging’ on the left panel, click on the name of the messaging profile that you want to use, then under ‘Profile ID’ you will find the messaging profile ID. Copy it and enter it in the Messaging Profile ID field.

– in the Telnyx webhook URL for incoming SMS/MMS field enter the webhook URL for incoming messages. You have to first generate and then copy this URL into your Telnyx account, so that Telnyx knows where to deliver the SMS/MMS messages received by your Telnyx phone number(s). First generate the URL by pressing the ‘Generate new webhook URL for incoming SMS/MMS’ button, copy it, then, in your Telnyx account click on ‘Messaging’, then on ‘Programmable Messaging’ on the left panel, click on the name of the messaging profile that you associated with your phone number(s), then, under ‘Inbound Settings’, enter the webhook URL generated here in the field ‘Send a webhook to this URL’, then click ‘Save’.

– in the Telnyx webhook URL for delivery receipts field enter the webhook URL for the delivery receipts that you will receive for sent messages. This URL will be included by SMS Relentless in message sending requests, so that Telnyx knows where to send the delivery receipts. Just generate it by pressing the ‘Generate new webhook URL for delivery receipts’ button. You don’t have to enter this URL into your Telnyx account.

– in the Telnyx alphanumeric Sender ID field you can enter an alphanumeric sequence of up to 11 characters in the range of a-z, A-Z, 0-9 and space, if you intend to use an alphanumeric Sender ID. In certain countries there are regulations that accept only shorter alphanumeric Sender IDs, such as up to 6 characters. You cannot send SMS/MMS messages with alphanumeric Sender IDs to USA or Canada. There are even countries that require preregistration of alphanumeric Sender IDs. Before sending SMS/MMS messages to a country it’s recommended to read the country specific features and restrictions. Some carriers won’t accept messages with an alphanumeric Sender ID.

Plivo Settings

– in the Plivo Auth ID field enter your Plivo Auth ID: log in to Plivo, then, on the first page which is the Overview page, under Account, copy the ‘Auth ID’.

– in the Plivo Auth Token field enter the auth token: while logged in to Plivo, on the Overview page, under Account, copy the ‘Auth Token’.

– in the Plivo webhook URL for incoming SMS/MMS field enter the webhook URL for incoming messages. You have to first generate and then copy this URL into your Plivo account, so that Plivo knows where to deliver the SMS/MMS messages received by your Plivo phone number(s). First generate the URL by pressing the ‘Generate new webhook URL for incoming SMS/MMS’ button, copy it, then, in your Plivo account click on ‘Messaging’ on the left vertical bar, click on ‘Applications’, then, under ‘Application name’ click on ‘Inbound SMS Messages’, next, under ‘Message’, enter the webhook URL generated earlier in the field ‘Message URL’ and select ‘POST’ next to it, then click the ‘Update Application’ button.

– in the Plivo webhook URL for delivery receipts field enter the webhook URL for the delivery receipts that you will receive for sent messages. This URL will be included by SMS Relentless in message sending requests, so that Plivo knows where to send the delivery receipts. Just generate it by pressing the ‘Generate new webhook URL for delivery receipts’ button. You don’t have to enter this URL into your Plivo account.

– in the Plivo alphanumeric Sender ID field you can enter an alphanumeric sequence of up to 11 characters in the range of a-z, A-Z, 0-9 and space, if you intend to use an alphanumeric Sender ID. In certain countries there are regulations that accept only shorter alphanumeric Sender IDs, such as up to 6 characters. You cannot send SMS/MMS messages with alphanumeric Sender IDs to USA or Canada. There are even countries that require preregistration of alphanumeric Sender IDs. Before sending SMS/MMS messages to a country it’s recommended to read the country specific features and restrictions. Some carriers won’t accept messages with an alphanumeric Sender ID.

Twilio Settings

– in the Twilio Account SID field enter your Twilio Account SID: log in to Twilio, then, on the first page, under Account Info, copy the ‘Account SID’.

– in the Twilio Auth Token field enter your Auth Token: while logged in to Twilio, on the first page, under Account Info, copy the ‘Auth Token’.

– in the Twilio webhook URL for incoming SMS/MMS field enter the webhook URL for incoming messages. You have to first generate and then copy this URL into your Twilio account, so that Twilio knows where to deliver the SMS/MMS messages received by your Twilio phone number(s). First generate the URL by pressing the ‘Generate new webhook URL for incoming SMS/MMS’ button, copy it, then, in your Twilio account click on ‘Phone Numbers’ on the left panel > ‘Manage’ > ‘Active numbers’, click on the phone number you want to use for SMS/MMS, scroll down to the ‘Messaging’ section, then under ‘A MESSAGE COMES IN’ select ‘Webhook’, then paste in the webhook URL that you have just generated and select ‘HTTP POST’ as the request type. Enter the same data under ‘PRIMARY HANDLER FAILS’, then click the ‘Save’ button. If you have multiple SMS/MMS enabled phone numbers, do the same for each number.

– in the Twilio webhook URL for delivery receipts field enter the webhook URL for the delivery receipts that you will receive for sent messages. This URL will be included by SMS Relentless in message sending requests, so that Twilio knows where to send the delivery receipts. Just generate it by pressing the ‘Generate new webhook URL for delivery receipts’ button. You don’t have to enter this URL into your Twilio account.

– in the Twilio alphanumeric Sender ID field you can enter an alphanumeric sequence of up to 11 characters in the range of a-z, A-Z, 0-9 and space, if you intend to use an alphanumeric Sender ID. In certain countries there are regulations that accept only shorter alphanumeric Sender IDs, such as up to 6 characters. You cannot send SMS/MMS messages with alphanumeric Sender IDs to USA or Canada. There are even countries that require preregistration of alphanumeric Sender IDs. Before sending SMS/MMS messages to a country, it’s recommended to read the country specific features and restrictions. Some carriers won’t accept messages with alphanumeric Sender IDs.

Flowroute Settings

– in the Flowroute Access Key field enter your Acess Key: log in to Flowroute. On the left panel, click on ‘Preferences’, then on the ‘API Control’ tab. Scroll down to the ‘API Keys’ section. If you already have a pair of keys listed in that section, just copy the Access Key to the field from below. If you haven’t created any keys yet, to create a key pair, under ‘Add new API Key’, in the ‘Name’ field, enter a name for the new key pair. In the ‘Description’ field enter a short description, then click ‘Add new’. A new pair of keys will be created and you will be prompted to copy the Secret Key. Copy it in a safe location.

– in the Flowroute Secret Key field enter the Secret Key that you created earier.

– in the Flowroute webhook URL for incoming SMS/MMS field enter the webhook URL for incoming messages. You have to first generate and then copy this URL into your Flowroute account, so that Flowroute knows where to deliver the SMS/MMS messages received by your Flowroute phone number(s). First generate the URL by pressing the button from below, copy it, then, in your Flowroute account click on ‘Preferences’ on the left panel, then click on the ‘API Control tab’, turn on the ‘SMS’ switch and in the field that shows up enter the URL that you have just generated. Click ‘Save URL’. If you have an MMS enabled phone number, turn on the ‘MMS’ switch, enter the same URL in the URL field and save it. Also, under ‘SMS Webhook Version’ choose ‘v2.1’.

– in the Flowroute webhook URL for delivery receipts field enter the webhook URL for the delivery receipts that you will receive for sent messages. This URL will be included by SMS Relentless in message sending requests, so that Flowroute knows where to send the delivery receipts. Just generate it by pressing the ‘Generate new webhook URL for delivery receipts’ button. You don’t have to enter this URL into your Flowroute account.

Flowroute only supports sending/receiving SMS/MMS messages within USA and Canada and it doesn’t support Alphanumeric Sender IDs.

– in the Number of messages per page field enter the number of messages to be displayed on one page of the received and sent messages tables. If you don’t enter anything in this field, the default of 100 messages per page will be used.

– check the I want to see a notification in Nextcloud when a new SMS/MMS is received checkbox if you want to see Nextcloud notifications when new SMS/MMS messages arrive.

– if you want to enable email notifications enter your email address in the I want to receive a notification to the email address from below, when a new SMS/MMS is received field.

– if you want the SMS/MMS message to be included in the email notification, check the Include the SMS/MMS message in the email notification itself checkbox.

Click ‘Save’ to save all the settings to the database.

26.7.3.6. Using SMS Relentless

To use SMS Relentless just click on its icon on the upper bar, inspect the Telnyx/Plivo/Twilio/Flowroute available balance by selecting the name of the provider from the Balance drop-down list, then click on the refresh button on the Set ID line to refresh the list of available sender IDs, then choose one of the phone numbers or alphanumeric IDs from the drop-down list, then enter the phone number of the receiver preceded by the country code in the phone number field (Eg.: 491212121212, where 49 is the country calling code), then enter the text of the message in the message text area, then press the ‘Send SMS’ button.

You can send the same message to multiple receivers by writing their phone numbers in the number field one after the other separated by coma, or if you have a large number of receivers, like hundreds or thousands, you can upload a txt or csv file by checking the ‘Upload file with phone numbers’ checkbox. In this case you should also specify the time interval in milliseconds between two consecutive message sending requests. You will find information about different restrictions regarding the message sending rate in the info note located above the ‘Upload the file’ button.

If your message contains special characters that don’t exist in the GSM 7-bit default alphabet table, it will be automatically encoded using the UCS-2 character encoding (similar to Unicode).

You can see the received SMS messages by clicking the ‘Received SMS Messages’ button and the sent messages by clicking the ‘Sent SMS messages’ button. Both tables have a row of filters at the top, that you can use to filter the messages by the content of one or multiple columns. The row of filters shows up when you click on the arrow from the top left corner of the application content area. You can also permanently delete messages by selecting them and then clicking on the ‘Permanently delete’ icon located on the left end of the filter row.

If you are a member of the ‘admin’ Nextcloud group, you can also remove old messages to keep the database small, by checking the ‘Remove old messages’ checkbox located below the ‘Sent SMS Messages’ button. You can remove all the messages that are older than the number of days that you specify in the appropriate fields. This can be done for both sent and received messages. If you delete old messages in this way, they won’t be really lost, because before deleting them, the application saves the messages in csv files that you can later find in the SMS_Relentless/removed_received_messages, and SMS_Relentless/removed_sent_messages folders. The csv files have names that include the date of the message removal. If they try to use this option, users that are not in the ‘admin’ group will see a popup message informing them that only admins can remove old messages.

If you have an MMS enabled phone number, you can send up to 10 files of various formats, including jpeg, png and gif, as MMS messages. After you check the ‘Select file(s) to send as MMS’ checkbox, an info note will display all the necessary information about the file format and size restrictions applicable to the provider who’s phone number you selected in the ‘Set ID’ drop-down list.

Since the deliverability of MMS messages depends on the carrier and device of the receiver and carriers can reject MMS messages with files exceeding a certain size, it’s recommended to avoid sending large files or with uncommon formats. The best deliverability is achieved when sending jpeg/jpg, png or gif files, with a total message size of 600 KB or less.

The files included in incoming MMS messages are not downloaded automatically. They are stored as URL links to the actual files and the receivers can download them only if they trust the senders and the domains of the URLs.

26.7.3.7. SMS Relentless workflow

Please note that in order to be able to use this application, any individual user has to have the credentials entered on the SMS Relentless’ settings page, in his own Nextcloud account (in Nextcloud ‘Settings’, on the left panel, under ‘Personal’, ‘SMS Relentless’).

In the most simple use case, where there is only one Telnyx/Plivo/Twilio/Flowroute account with one phone number associated with it, the admin, who creates the Nextcloud account for each Nextcloud regular user, will enter his own credentials (API access keys/tokens/IDs) on the SMS Relentless settings page of each regular user account. The 2 webhook URLs should be generated for each individual user by pressing the respective buttons. The webhook URL for delivery receipts being different from one user to the other, will allow each user to get the delivery receipts for the messages that he sends. In this type of setup, the admin’s credentials from the settings page are invisible to regular users, because they are replaced with placeholders once they are saved to the database (in encrypted form). Each message sent by a user will appear in the ‘Sent SMS Messages’ table as being sent by that respective user, and all the received messages will appear in the ‘Received SMS messages’ table as being received by the admin user, whose credentials are on the settings page.

Another use case is when different app users have different phone numbers in the same Telnyx/Plivo/Twilio/Flowroute account. In this situation, each user will enter the same credentials on the settings page, but they will have different webhook URLs for receiving messages, since separate phone numbers allow setting up separate webhook URLs for receiving messages.

Another use case is when different SMS Relentless users have different Telnyx/Plivo/Twilio/Flowroute accounts with different phone numbers associated with them. In this case, each user will enter his own credentials on the settings page and obviously, his own webhook URL for receiving messages.

In the ‘Sent SMS Messages’ table, each message record will show the user who sent the message and from what phone number. If all the users have different phone numbers in the same Telnyx/Plivo/Twilio/Flowroute account, or different Telnyx/Plivo/Twilio/Flowroute accounts, in the Received Messages table, each message record will show the specific user who received the message. As mentioned above, when all the users use the admin’s credentials on the settings page, all the received messages will be displayed in the ‘Received SMS Messages’ table as being received by the admin.

The admin can restrict the use of the application to certain user groups by clicking on the profile picture in the upper right corner > Apps, then by clicking on ‘SMS Relentless’ in the list of apps, then by checking the ‘Limit to groups’ checkbox, then entering the name of the group whose members will be allowed to use the application.

26.7.3.8. Upgrading SMS Relentless

SMS Relentless can be upgraded like any other Nextcloud application. If you click on the profile picture, then on Apps, and you see that SMS Relentless has an active ‘Update’ button, click on it and the new version will be installed.

26.7.4. Install Pax Fax

Pax Fax allows sending and receiving faxes in Nextcloud by connecting to a ‘phaxio.com’ account. A real fax number acquired from Phaxio is needed. Users can send up to 20 documents in one fax call (supported file formats are: pdf, doc, docx, odt, jpeg/jpg, png, tiff/tif, txt, html), they can send faxes to 15 different fax numbers at once, they can receive faxes as pdf documents in Nextcloud, they receive notifications in Nextcloud and can receive email notifications when new faxes arrive. All the sent and received faxes are stored in specific Nextcloud folders. Users can search for faxes by caller/callee phone number or date; they can see the current Phaxio balance; they can set their fax number as caller ID for sent faxes. When they want to send a fax, they can upload files from their computer or choose them directly from Nextcloud.

For Pax Fax to work correctly, the well-known ‘libcurl’ PHP library has to be installed on the server (it’s usually installed automatically when PHP is installed), and the logtimezone parameter has to be included in the Nextcloud configuration file, like this:

Replace Europe/Berlin with your own timezone. Accepted timezones can be found here.

Like with any other Nextcloud application, to install Pax Fax click on the profile picture from the upper right corner > ‘Apps’ > search for ‘Pax Fax’ using the search box on the upper bar > click ‘Download and install’. Next, configure Pax Fax by clicking on the profile picture > ‘Settings’ > then, on the left panel, under ‘Personal’ click ‘Pax Fax’.

– in the Phaxio API Key and Phaxio API Secret fields enter the key and secret that you can find by logging in to Phaxio and clicking ‘API Keys’ on the left panel; then, under ‘Live Keys’ you will find the ‘API Key’ and the ‘API Secret’.

– in the Phaxio Webhook Token field enter your webhook token that you can find in your Phaxio account, by clicking ‘Webhooks’ on the left panel, then scrolling down to ‘Webhook Token’.

– in the Phaxio callback URL for incoming faxes field enter the callback URL that Phaxio will use to send incoming faxes to. This URL must have the form: https:// username : 6VTGs-c36j4-qK2wm-RgJcl-9pjUD @ cloud.example.com /apps/pax_fax/api/recfaxphaxio if Nextcloud is served on a subdomain, or https:// username : 6VTGs-c36j4-qK2wm-RgJcl-9pjUD @ example.com/nextcloud /apps/pax_fax/api/recfaxphaxio if Nextcloud is served on a subdirectory, where username is the Nextcloud user who has a Phaxio phone number in her/his Phaxio account (callback URLs can only be configured one per Phaxio phone number. If username contains an @ , replace @ with &commat; otherwise the URL won’t function), 6VTGs-c36j4-qK2wm-RgJcl-9pjUD is the ‘application password’ created for this purpose as explained below, and cloud.example.com is your Nextcloud domain. To create the Nextcloud ‘application password’ click on the profile picture in the upper right corner, then click ‘Personal settings’, then, on the left panel, under ‘Personal’ click ‘Security’, then under ‘Devices & sessions’, in the ‘App name’ field enter Pax_Fax, then click the ‘Create new app password’ button. The password will be displayed only when created. Copy the password, click the ‘Done’ button, enter the password in the constructed callback URL between ‘:’ and ‘@’ as shown above, copy the entire callback URL to a safe location, then enter the callback URL in the field Phaxio callback URL for incoming faxes. The next step is to enter the callback URL that you have just created in your Phaxio account: log in to Phaxio, click ‘Phone Numbers’ on the left panel, click the settings wheel on the row of the phone number for which you want to set up the callback URL, enter the URL in the ‘Callback URL’ field, then click ‘Save’. Also, click on ‘Webhooks’ on the left panel, then scroll down to ‘Webhook Version’ and choose ‘Version 2.1.0’, then click the ‘Update’ button.

– check the ‘I want to see a notification in Nextcloud when a new fax is received‘ checkbox if you want to receive Nextcloud notifications when new faxes arrive.

– in the ‘I want to receive a notification to the email address from below, when a new fax is received‘ field enter your email address if you want to receive an email notification when new faxes arrive.

Click the ‘Save’ button at the bottom of the page to save all the settings to the database.

26.7.4.1. Using Pax Fax

To use Pax Fax, click on its icon on the upper bar. You can see the current Phaxio balance by clicking the ‘Phaxio balance’ refresh button. Then, on the ‘Set ID’ line, you can first refresh the list of the available IDs, then choose from the drop-down list one of your Phaxio fax numbers, or the blank space if you want to send a fax with no Sender ID. If you don’t choose a fax number as Sender ID, the receiver will see the fax as coming from one of Phaxio’s internal numbers.

Next, in the phone number field enter the reveiver’s fax number preceded by the country calling code. For example, a German fax number would look like this:

where 49 is the country calling of Germany. You can enter up to 15 fax numbers separated by comma in this field, if you want to send the fax simultaneously to multiple recipients.

Next, upload a file from your computer to send as fax, or choose a file from Nextcloud. Allowed formats are: pdf, odt, jpg, png, txt, tif, html, doc, docx. You can upload or choose from Nextcloud multiple files to be sent in the same fax call, one after the other; you can send up to 20 files in one fax call, with a cumulative size of up to 20 MB, and up to 200 pages. If you have more pages to send, you can split them in two or more groups and send them in multiple fax calls.

Then click ‘Send Fax’. You can see the sent faxes by clicking on the ‘Sent Faxes’ button and the received faxes by clicking on the ‘Received Faxes’ button. If sending a fax fails because the fax number was wrong, or the connection dropped, or the receiving fax machine had a problem, etc., you will find the failed fax in the Pax_Fax/faxes_sent_failed folder or by clicking on the ‘Failed Sent Faxes’ button. Similarly, if for some reason an incoming fax fails, you will find a failed fax file in the Pax_Fax/faxes_received_failed folder, or by clicking on the ‘Failed Received Faxes’ button. The faild faxes files will be empty but they will have a name that will include the date of the received fax.

All the received faxes will be pdf files and all the sent and received faxes will have the date of sending/receiving included in their names, as well as the to/from fax numbers, so that they can be easily found by their destination/origin fax number or by their date, using the search function of Nextcloud. To use the Nextcloud search function to filter the sent/received faxes navigate to Pax_Fax/faxes_sent or Pax_Fax/faxes_received and enter a fax number or a date in the search box located on the upper bar.

If you follow all the instructions of this guide to properly install and use Nextcloud and Pax Fax and you also follow the steps presented on this Phaxio page, your faxes sent via Phaxio will be HIPAA-compliant (Health Insurance Portability and Accountability Act).

If you send as fax a jpg, png or tiff image with a height between 500 px and 700 px, in general, Phaxio will flip the image on its side clockwise and enlarge it, so that it becomes easier to distinguish on the receiver side.

Please note that if you want to send as fax a jpg, png or tiff image which is more than 700 px in height, it’s safer to paste it inside an A4-sized or letter-sized page of a pdf, odt or docx document and send it included in that document. Otherwise, Phaxio can downsize it automatically so much, that its content can be difficult to distinguish.

Please also note that when using Pax Fax, from time to time, you will get a ‘failed incoming fax’ notification in Nextcloud and a notification email, if email notifications are enabled. This failed incoming faxes are very rarely true faxing attempts that failed due to legitimate reasons, such as phone line congestion, etc. In general, they are scamming attempts: scammers try to make very short calls to random numbers and if the receivers call them back to see what they want, the receivers get charged large amounts of money for international calls, since the calling numbers are set up as premium-rate numbers and are typically located overseas. Therefore, our advice is to totally ignore all the ‘failed incoming faxes’ notifications. You shouldn’t send a fax to such numbers or call them back, just because you received one or multiple failed faxing attempts from them. If an incoming fax fails for legitimate reasons, a legitimate fax sender will know that the fax failed and will send it successfully when (s)he will try again. The extremely short calls that you may get on fax numbers or regular phone numbers from unknown callers located overseas are highly suspect and should be ignored.

It’s important to know that Phaxio only charges for fax pages that get through and not for failed faxing attempts.

When you will click on the ‘Received Faxes’ or ‘Sent Faxes’ button and then open a pdf file or a jpg or png image sent as fax, you will notice that the viewer’s upper bar with the ‘Close’ button doesn’t show up. Therefore, to close the open pdf or jpg/png image, you will have to click the ‘Received Faxes’ or ‘Sent Faxes’ button again. This is because in the latest Nextcloud versions, the viewer’s upper bar with the ‘Close’ button was moved from below the Nextcloud upper bar right over it. Since the Nextlcoud upper bar is hidden in Pax Fax’ right panel, the viewer bar is not shown either:

However, if you install the ‘Custom CSS’ app, you can overcome this problem and make the viewer’s upper bar appear at the top of open pdf/jpg/png files, as shown below:

This has the disadvantage that when you will open any odt, ods, odp, docx, xlsx, pptx, etc. file with Collabora Online, the bottom bar containing the search box, the language drop-down list, the zoom level indicator, etc., will be pushed downwards and will not be visible. If you still want to install the ‘Custom CSS’ app, just click on the user icon in the upper right corner > ‘Apps’, then enter ‘Custom CSS’ in the search box on the Nextcloud upper bar. When you find the ‘Custom CSS’ app click on the ‘Download and enable’ button to install it. Once the app is installed, click again on the user icon > ‘Settings’, then, on the left panel, under ‘Administration’, click on ‘Theming’ and scroll to the bottom of the page. There, in the ‘Custom CSS’ text area enter:

Click ‘Save’ to save the changes. From that moment on, the viewer’s upper bar will be shown below the Nextcloud upper bar and you will be able to use it to close open pdf/jpg/png documents in Pax Fax.

26.7.4.2. Pax Fax workflow

Please note that any individual user will have to have the Pax Fax credentials on the settings page of Pax Fax, under ‘Personal’, in their own Nextcloud account in order to be able to use the application. In general, the admin, who creates the Nextcloud account for each regular user, enters his own API Key and API Secret on the Pax Fax settings page of each regular user Nextcloud account. The API Key and Secret, as well as the webhook token and the callback URL are invisible to the regular users, because they are replaced with placeholders once they are saved to the database (encrypted). In this way, all the received faxes will be saved in the Pax_Fax/faxes_received directory of the admin Nextcloud account and not in the regular users’ Pax_Fax/faxes_received respective directories. If the admin wants any other users apart from himself to see the received faxes, he has to share the Pax_Fax/faxes_received folder with those users. With sent faxes, the situation is different: if a Nextcloud user sends a fax, the sent fax will be saved in the Pax_Fax/faxes_sent folder of that respective user, regardless if he is a regular user or the admin. If the admin wants to see what faxes were sent by what users, he can ask the users to share their Pax_Fax/faxes_sent directories with him, or he can inspect/download the sent faxes of any user directly via FTP, by connecting to the server and navigating to /var/www/cloud. example.com /data/ username /files/Pax_Fax/faxes_sent directory, where example.com is the Nextcloud domain and username is the name of the user.

Like with other Nextcloud applications, the admin can restrict the use of Pax Fax to certain user groups by clicking on the profile picture in the upper right corner > Apps, then by clicking on ‘Pax Fax’ in the list of apps, then by checking the ‘Limit to groups’ checkbox, then entering the name of the group whose members will be alllowed to use the application.

However, if a Phaxio account has multiple fax numbers associated with it, different Nextcloud users of Pax Fax can use different fax numbers of the same Phaxio account, each number having a different webhook for receiving faxes. In this situation, if a fax is received on one fax number, it will be saved only in the Pax_Fax/faxes_received directory of the user whose fax number received the fax. Also, different users of Pax Fax can have different Phaxio accounts, each with its own associated fax number(s). In this situation again, if a fax is received, it will be saved only in the Pax_Fax/faxes_received directory of the user whose fax number received the fax.

It’s good to know that Phaxio gives its users the ability to receive all incoming faxes as email attachments. If you don’t want your faxes to be received by Pax Fax and you want to receive them as email attachments, log in to Phaxio, click on ‘Phone Numbers’ on the left panel, click on the wheel next to the fax number(s), delete the webhook URL associated with the number(s) for receiving faxes, click ‘Save’, then click on ‘Webhooks’ on the left panel and in the ‘Sent Handler’ and ‘Received Handler’ fields enter mailto: admin@example.com where admin@example.com is the email address where you want to receive your faxes, then click ‘Update’. On the same page, in the ‘Webhook Version’ field, make sure it’s Version 2.1.0 selected.

For increased privacy it’s recommended that you configure your Phaxio account so that the sent/received faxes are not stored on Phaxio’s servers. To do this click on ‘Fax’ on the left panel, then scroll down and uncheck ‘Store sent fax files on Phaxio server?’ and ‘Store received fax files on Phaxio server?’, then click ‘Update’.

On the same page, there is another checkbox: ‘Receive faxes that only partially completed’. It’s recommended to check this checkbox. You can also check the ‘Include caller name for received faxes’ checkbox, but if you do, you will be charged $0.08 per received page instead of $0.07, for faxes from USA or Canada. Leave all the other settings as they are, then click ‘Update’.

26.7.4.3. Upgrading Pax Fax

Pax Fax can be upgraded like any other Nextcloud application. If you click on the profile picture, then on Apps, and you see that Pax Fax has an active ‘Update’ button, click on it and the new version will be installed.

26.7.5. Install the Calendar app

To install the Calendar app click on the upper right corner user icon > click on ‘Apps’ > click on the ‘Search’ icon on the Nextcloud upper bar, search for ‘Calendar’ > when the app is found click on ‘Download and enable’.

To open the Calendar app click on its shortcut on the Nextcloud upper bar.

To create a new calendar, click on the plus sign next to ‘New calendar’ on the left panel and choose ‘New calendar’. Enter a name for the new calendar then click the arrow to create the calendar. You can create multiple calendars. To toggle the visibility of a calendar just click on its name. On the left panel you can choose the month to view, you can switch between Day/Week/Month/List view for the selected calendar(s) and you can create a new event by clicking on the ‘New event’ button. Yet, the best way to create events is by clicking on the rectangle of the day of the month in which you want to place the event.

While a calendar is displayed in ‘month view’, if you click on a day of the month, the ‘New event’ panel will open at the right end of the screen. There you can enter a suggestive name for the new event, you can choose the name of the calendar to which the event will belong, if you have multiple calendars, you can choose the moment when the event will start and the moment when it will end or whether it will last all day.

On the ‘Details’ tab you can add a location for the new event, a description, whether the event is confirmed or not, the visibility of the event in shared calendars, whether the time interval of the event will count as busy or free time, you can add a category and a specific color to the event.

On the ‘Attendees’ tab you can search for other Nextcloud users to add as attendees to the newly created event. You can also enter the email addresses of attendees that are not Nextcloud users. After you add each attendee, you can click on the three dots next to their email address to assign them a role: ‘Chairperson’/’Required participant’/’Optional participant’/’Non-participant’. If you leave the ‘Send e-mail’ checkbox checked, the attendee will receive the invitation to the event by email, the moment you save the event.

On the ‘Reminders’ tab you can add a reminder for the event. You can choose the moment when the reminder will be sent (a day before the event starts, 30 minutes before the event starts, etc.). After the reminder is added, you can click on the three dots next to it to choose whether the reminder will be a notification or an email. If you choose ‘Notification’, the attendees will see a Nextcloud notification when they will log in to Nextcloud. If you choose ‘Email’, the attendees will receive an email on the moment of the reminder. However, Nextcloud can send emails at specific times only if its cron script is run at those specific times. So, to enable email notifications, you will need to set up a cron job on the server, that will run the cron script inside Nextcloud with a specific frequency. So, on your server run:

At the bottom of the file enter the following lines:

Replace example.com with your main domain. Of course, you can run the Nextcloud cron script with a higher or lower frequency, like once every 10 or 5 minutes, or once every hour, etc. After setting up this cron job, make sure that in Nextcloud Settings, under ‘Administration’ > ‘Basic settings’ > ‘Background jobs’, the ‘Cron’ option is selected.

On the ‘Repeat’ tab, you can choose if the new event should be repeated, and with what frequency (once every day/several days, once or multiple times per week, month, year).

You may find useful the fact that you can share a calendar with persons that don’t have a Nextcloud account. To create the public share link for a calendar, click on the share sign next to the calendar name, on the left panel, then click on the plus sign. You can then copy the public access link to clipboard by clicking on the ‘Copy public link’ icon. If you send the public access link by email to somebody, they can open it in a browser and have read-only access to the calendar, without being logged in to Nextcloud.

26.7.5.1. Add Nextcloud calendars as remote calendars in Thunderbird

First click on the Calendar app icon. If you click on the three dots next to the name of each calendar, and then on ‘Copy private link’, you can get the URL of that respective calendar that you can use to add it to Thunderbird. Next open Thunderbird, go to File > New > Calendar > Check ‘On the Network’ > Next > check CalDAV, enter your Nextcloud username and the calendar’s URL copied earlier, leave ‘Offline Support’ checked > Next > enter a name for the new calendar, leave ‘Show Reminders’ checked, select the email you want to associate with this calendar > Next > Finish. To see the new calendar, go to ‘Events and Tasks’ > Calendar (or click on the ‘Switch to the calendar tab’ icon located in the upper right corner). The name of all the calendars will be listed on the left panel.

26.7.5.2. Upgrading the Calendar app

The Calendar app can be upgraded like any other Nextcloud application. If you click on the profile picture, then on Apps, and you see that Calendar has an active ‘Update’ button, click on it and the new version will be installed.

26.7.6. Install the Tasks app

To install the Tasks app click on the upper right corner user icon > click on ‘Apps’ > click on the ‘Search’ icon on the Nextcloud upper bar, search for ‘Tasks’ > when the app is found click on ‘Download and enable’.

To open the Tasks app click on its shortcut on the Nextcloud upper bar.

Tasks are grouped in tasks lists. To create a new tasks list, on the left panel click on ‘Add List…’, enter a name for the new list, choose a color, then click on the tick sign to save the new list. Then on the right panel, in the ‘Add a task’ text box enter a short suggestive name for the new task and press Enter to save it. In order to edit the task and set its description, due date, etc., click on its name. When you click on a task’s name, a new vertical panel will open at the right end of the screen. There you can set a start date for the task, a due date, the way it will be shown when shared, the priority, the degree of completeness, the category associated with it, a description, etc. If you click on the three dots next to the task name, you can see a menu with an option to add a subtask. If you want to add a subtask click on the ‘Add subtask’ option, enter a name for the new subtask, then click on its name to enter its details like you did for the parent task. You can even add subtasks to subtasks in this way.

If you want to share a list of tasks with other Nextcloud users, on the left panel, click on the name of the tasks list to select it, then click on the share button, then enter the name of the Nextcloud user whom you want to share the tasks list with, then click on its name.

When you click on a tasks list on the left panel and all its tasks are displayed on the right panel, you can click on the ‘Change sort order’ button next to the ‘Add a task’ text box, to order the tasks by various criteria: start date, due date, last modified, priority, alphabetically, etc.

26.7.6.1. Upgrading the Tasks app

The Tasks app can be upgraded like any other Nextcloud application. If you click on the profile picture, then on Apps, and you see that Tasks has an active ‘Update’ button, click on it and the new version will be installed.

26.7.7. Install the Forms app

To install the Forms app click on the upper right corner user icon > click on ‘Apps’ > click on the ‘Search’ icon on the Nextcloud upper bar, search for ‘Forms’ > when the app is found click on ‘Download and enable’.

To open the Forms app click on its shortcut on the Nextcloud upper bar. To create a new form click on the ‘Create a form’ button, enter the name of the form and a short description in the respective text boxes. Then click the ‘Add a question’ button to add a question to the newly created form. You will see a menu with multiple types of answer for the new question: Checkboxes, Multiple choice, Dropdown, Short answer, Long text, Date, Datetime. Choose the type of answer which best suits your question and click on it. Next enter the text of the question and the tags for the checkboxes/multiple choice radio buttons, dropdown menu, etc. If you click the three dots next to the question, you can check the ‘Required’ checkbox, so as to make the question mandatory. To add a new question click again on the ‘Add a question’ button and repeat the process.

In the upper right corner of the screen you will see the ‘Toggle settings’ icon. If you click on it, you will see a new vertical panel, in which you can choose how you want to share the form. If you click on the ‘Copy share link’ button, the URL of the form will be copied to the clipboard and you can send it by email or by other means to any person whom you want to get answers from. That person can have direct access to the form using that URL. The default method for sharing is ‘Share via link’ but there are other two options: ‘Show to all users of this instance’ and ‘Choose users to share with’. Under ‘Settings’ you can check ‘Anonymous responses’ to allow anonymous users to fill in the form and send it; you can check ‘Allow multiple reponses per person’ and you can also set up an expiration date by checking the ‘Set expiration date’ checkbox and entering a date after which the form will be inaccessible.

To see the responses sent by various users click on the ‘Response’ button located in the upper right corner of the form. You will see a screen similar to this:

On the ‘Summary’ tab you will see a summary of all the answers, while on the ‘Responses’ tab you will see the actual answers of all users. If you click on the three dots next to the ‘Responses’ tab, you will see the ‘Export to CSV’ option, which you can use if you want to export the answers to the form’s questions in csv format.

26.7.7.1. Upgrading the Forms app

The Forms app can be upgraded like any other Nextcloud application. If you click on the profile picture, then on Apps, and you see that Forms has an active ‘Update’ button, click on it and the new version will be installed.

26.7.8. Install the Polls app

To install the Polls app click on the upper right corner user icon > click on ‘Apps’ > click on the ‘Search’ icon on the Nextcloud upper bar, search for ‘Polls’ > when the app is found click on ‘Download and enable’.

To open the Polls app click on its shortcut on the Nextcloud upper bar. To create a new poll click the ‘Add new Poll’ button, enter a name for the new poll, choose its type (‘Date poll’ or ‘Text poll’) and click ‘Apply’. To add a new option to the poll click the ‘Add some!’ button. The ‘Details’ panel will open. Here, in the ‘Add a new text/date option’ text box you can enter the name of the option and click the arrow to save it. In this manner you can enter as many options as you need. All the options will show up on the middle panel, like below:

Below the options there is the ‘Receive notification email on activity’ checkbox that you can check if you want to receive an email notification each time a user takes the poll. However, to properly enable the Polls app to send email notifications on new activity, you will need to set up a cron job to regularly run the cron script included in Nextcloud, like we explained for the Calendar app. To run the cron script every 15 minutes you will need a cron job like this:

Where example.com is your main domain. After setting up this cron job, make sure that in Nextcloud Settings, under ‘Administration’ > ‘Basic settings’ > ‘Background jobs’, the ‘Cron’ option is selected.

On the ‘Configuration’ tab of the Details panel you can enter a description, you can check options to allow admins to edit the poll, to allow ‘maybe’ votes, to allow anonymous users to take the poll, to close the poll or set up a closing date, to give access to the poll to all users or only to invited users, to display the results at all times, only after the poll is closed or never, etc.

On the ‘Shares’ tab, under ‘Effective shares’ you can search for Nextcloud users and select them in order to share the poll with them, or you can enter the email address of external users, that don’t have a Nextcloud account. After you add a user under ‘Effective shares’, its name or email address will show up under ‘Unsent invitations’, at the bottom of the panel. You can send users emails to invite them to take the poll, by clicking on the right arrow next to their name or email address.

Under ‘Public shares’, if you click the ‘Add a public link’ button, you create a URL which you can copy to the clipboard by clicking the ‘Copy link to clipboard’ button. Then you can send that URL by email or by other means to any person, so that they can access the poll without having a Nextcloud account.

On the ‘Comments’ tab, in the ‘New comment’ text box you can enter various comments related to the poll.

Once the poll results begin to arrive, if you selected ‘Always show results’ on the ‘Configuration’ tab, when you click on the ‘Switch to desktop view’ button located in the upper right corner of the middle panel, you will see the detailed results of the poll in a table, like below:

26.7.8.1. Upgrading the Polls app

The Polls app can be upgraded like any other Nextcloud application. If you click on the profile picture, then on Apps, and you see that Polls has an active ‘Update’ button, click on it and the new version will be installed.

26.7.9. Install the ‘External storage support’ app

Using the ‘External storage support’ app, you can mount in Nextcloud any directory that is outside the /var/www/cloud. example.com /data directory of Nextcloud. To prevent errors during future upgrades, it’s recommended to mount a directory that is outside the /var/www/cloud. example.com directory. It should be also readable and writable by the HTTP server user, www-data . Thus, you’ll have to set the following permissions for the directory that you want to mount in Nextcloud:

A directory that you will want to mount in Nextcloud is /var/bm_archives , where Backup Manager stores the archives of all the important directories and which can also be used to store the archives of applications that you will make manually before upgrading those applications, as we described earlier. Once /var/bm_archives is mounted, you can use Nextcloud to download all the archives in that directory to your computer, when you need to.

To enable the ‘External storage support’ app click on the upper right corner user icon > click on ‘Apps’ > click on the ‘Search’ icon on the Nextcloud upper bar, search for ‘External storage support’ > when the app is found click on ‘Enable’.

We’ll exemplify how to mount an external directory in Nextcloud, using the /var/bm_archives directory.

Click on the upper right corner user icon > Settings > on the left panel, under ‘Administration’, click on ‘External storages’. Next, in the ‘Folder name’ textbox enter the folder name that you want to appear on the ‘Files’ page, for example, Server_Backups; in the ‘External storage’ field choose ‘Local’, in the ‘Authentication’ field choose ‘None’, in the ‘Configuration’ field enter the full path of the folder you want to mount, which in this case is /var/bm_archives , in the ‘Available for’ box choose the users or user groups that will have access to the mounted folder. Next click on ‘Save’. That’s it.

We’ll show later how to configure Backup Manager to save all the backups to /var/bm_archives . In this way, you will be able to download all the backups to your desktop/laptop, with the click of a button, like you would do with any other Nextcloud files or folders. For the moment, set the right ownership and permissions for /var/bm_archives , so that all the archives stored in it could be accessed using Nextcloud’s web interface:

26.7.9.1. Upgrading the ‘External storage support’ app

The ‘External storage support’ app can be upgraded like any other Nextcloud application. If you click on the profile picture, then on Apps, and you see that ‘External storage support’ has an active ‘Update’ button, click on it and the new version will be installed.

26.7.10. Install the ‘Antivirus for files’ app

To install the ‘Antivirus for files’ app click on the upper right corner user icon > click on ‘Apps’ > click on the ‘Search’ icon on the Nextcloud upper bar, search for ‘Antivirus for files’ > when the app is found click on ‘Download and enable’. Then go to Settings > Administration > Security > scroll down to the ‘Antivirus for Files’ section, set ‘Mode’ to ‘ClamAV Daemon (Socket)’; in the ‘Socket’ field enter /var/run/clamav/clamd.ctl . You can leave the ‘Stream Length’ set to ‘26214400’ (this value sets the number of bytes read in one pass); you can also leave the ‘File size limit for periodic background scans’ set to ‘-1’, which means no limit of file size; in the ‘When infected files are found during a background scan’ field select ‘Delete file’, to have the infected files deleted right when they reach the server, then click ‘Save’.

To test if ClamAV scans, detects and deletes an infected file, save the following string, in a txt file:

This will create a standard antivirus test file. Then put that file in a folder, archive the folder as zip or other archive format, then try to upload the archive to Nextcloud. The upload will begin but then you will see the message: “Virus Win.Test.EICAR_HDB-1 is detected in the file. Upload cannot be completed.” and Nextcloud will refuse the upload, so nothing will be saved on the server. Then, the /var/log/clamav/clamav.log file will also mention the detection:

instream(local): Win.Test.EICAR_HDB-1(44d88612fea8a8f36de82e1278abb02f:68) FOUND

26.7.10.1. Configure ClamAV to periodically scan Nextcloud directories and mail directories

Once Nextcloud and all the important apps are installed, you can configure ClamAV to periodically scan the Nextcloud directories. We’ll also configure ClamAV to scan the mail directories periodically, since they are also very sensitive. This is a reasonable thing to do, because although ClamAV scans files the moment they are uploaded to Nextcloud or the moment emails arrive, at a later date, when the virus signatures get updated, ClamAV can detect viruses that it didn’t detect before, on real-time scanning.

First create a directory to store the scan reports:

Create the cron job:

Enter the following lines:

Replace example.com with the main domain on your server.

The results of the periodic scan will be read by ‘System Health and Security Probe’, which we’ll present later, and will be included in the periodic email reports sent to the admin. The results will be displayed also on the dashboard of ‘RED Scarf Suite Panel’, which we’ll also describe later.

26.7.10.2. Upgrading the ‘Antivirus for files’ app

The ‘Antivirus for files’ app can be upgraded like any other Nextcloud application. If you click on the profile picture, then on Apps, and you see that ‘Antivirus for files’ has an active ‘Update’ button, click on it and the new version will be installed.

26.8. Note about the Talk and Mail apps

The Talk app seems very attractive because it promises to allow Nextcloud users to have text, audio and video conversations and even video conference calls. Its main advantage is that it allows quick one-to-one audio/video calls to other users of the same Nextcloud instance or to external users. However, it has a big structural problem: it works peer to peer, which means that each participant sends a stream to every other participant and receives a stream from every other participant. In this way, the bandwidth usage grows rapidly with each new participant and together with the computing effort to decode each video stream, it puts a big strain on the participant’s system. This is why conferences with more than 5 participants generally don’t work. Indeed, there is a component called High Performance Backend (HPB) that has been “open-sourced” and can be used as a signaling server to increase the performance and scalability of the Talk app, but this component has high hardware demands, it’s complicated to install and not clearly documented. In addition to this, the only way to use Talk in conjunction with the High Performance Backend to make/receive phone calls to/from real phone numbers, is to add a proprietary SIP bridge to the High Performance Backend, offered by Nextcloud’s partner, Struktur AG. For these reasons, we didn’t include Talk in RED SCARF Suite. Of course, if you think you will only need to have one-to-one audio/video calls or video conferences with 5 participants or less, or that you won’t need to call and receive calls from real phone numbers, you can try installing and using it.

If, on the contrary, you want to use an application that allows good quality video/audio/text conversations with other users, as well as video conferences, which includes a central server (Asterisk, installed on your server) and also allows calls to/from real phone numbers on the Public Switched Telephone Network (PSTN), then you may want to use Roundpin, an application that we built in order to offer precisely what Nextcloud Talk doesn’t offer. Roundpin can be installed independently of Nextcloud and it aims to be a FOSS self-hosted alternative to Zoom, under your full control. Roundpin is part of RED SCARF Suite and in the next chapter of this guide we describe how to install and use it.

The Mail app can also seem attractive to many Nextcloud users. However, if you install it, you will see that it lacks important features and you will understand why we didn’t include it in RED SCARF Suite and why Roundcube is the only web based IMAP client that you will need.

26.9. Use Fail2ban to protect Nextcloud against brute-force attacks

First create a Fail2ban configuration file for Nextcloud:

Add the following content inside:

Then edit the /etc/fail2ban/jail.local file:

Add the following block under the [phpmyadmin] block:

26.10. Installing the Nextcloud Desktop Synchronization Client

Nextcloud can be used without installing a desktop synchronization client. You just upload any files that you want to your Nextcloud server while also keeping the files on your local computer. However, if you want to synchronize a folder (or multiple folders) from your desktop/laptop with your Nextcloud server, so that any file that you save in that folder gets automatically uploaded to Nextcloud, you can install the Nextcloud Desktop Synchronization Client.

To install the Nextcloud Desktop Synchronization Client on Debian 11 run:

Then, you can install the package that integrates the Nextcloud Desktop Synchronization Client with your file manager, as follows:

If your desktop environment is Mate, run:

If you are using Gnome run:

If you are using Plasma run:

If you are using Cinnamon run:

Please note that even if you install the client while logged in as root , you will not be able to start it as root . To be able to start the Nextcloud Desktop Synchronization Client and connect it to your Nextcloud server, you have to log in to your desktop/laptop as a regular user (we’ll show below how you can actually use the client even logged in as root , but to connect it to your remote server, you have to log in as a regular user).

While logged in as a non-privileged user, create a folder that you want to synchronize with your Nextcloud server, preferably in /home/ nameofuser . Give this folder a suggestive name, such as synchronized_with_nextcloud , so, the path of the new folder will be /home/ nameofuser /synchronized_with_nextcloud . Then go to the Main Menu > ‘Accessories’ > ‘Nextcloud desktop sync client’. You will see the following screen:

Click ‘Log in’. The next screen will let you enter the URL of your Nextcloud server:

Enter your username and password and click ‘Log in’.

In the next screen, under ‘Server’ select ‘Choose what to sync’ and click the ‘Choose what to sync’ button to choose the remote folder from your Nextcloud server that you want to sync with your local folder. Under ‘Local Folder’ click the button and choose the local folder that you want to sync with the remote Nextcloud folder, namely the folder that you have created earlier, /home/ nameofuser /synchronized_with_nextcloud . Then click ‘Connect…’. The two folders will be synchronized automatically and you will see a green tick sign with the name of the remote folder, with the specification: ‘Synchronized with local folder’. Please note that the synchronization process is bi-directional, in the sense that when you add a file in the local folder it will be automatically uploaded to the remote folder and when you add a file to the remote folder, it will be automatically added in the local folder. The same thing will happen when you modify an existing file.

You can sync additional local folders with remote folders. To add a local folder to the sync client, click on the ‘Add Folder Sync Connection’ button on the client’s main screen. You will be able to select a new local folder that you want to sync, then, after you click ‘Next’, you will be able to choose a remote folder to sync with.

Next, click on the ‘General’ tab of the client and under ‘General Settings’ you can check ‘Launch on System Startup’, if you want the sync client to start at system startup.

If you want to use the Nextcloud Desktop Synchronization Client while logged in as root, you will have to start it in command line, under the regular user. To make things simpler, you can create a small script in a directory like /srv/scripts :

Add the following lines inside this file:

where nameofuser is the username of the regular user that you used to connect the client to your Nextcloud server. Change permissions:

Then, when you want to start the client run:

Before starting, Nextcloud Desktop Synchronization Client will ask you to enter your root password.

In the client’s main screen, if you click on the three dots next to the name of the synchronized remote folder and choose ‘Open folder’, you will open the local synchronized folder.

Please note that if you implement basic HTTP authentication for the login page of Nextcloud ( https://cloud. example.com ), the sync client will fail to connect to the remote server because it doesn’t have a mechanism to specify the username and password required by basic HTTP authentication. This is the only reason why we didn’t show how to implement basic HTTP authentication when we described how to configure Nginx for Nextcloud. If you are confident that you won’t need Nextcloud Desktop Synchronization Client in the future, you can implement basic HTTP authentication for the Nextcloud login page in the same way as we showed for other applications, such as Dolibarr, to add an extra layer of security to Nextcloud.

Nextcloud also offers a desktop synchronization client for Windows and macOS ( https://nextcloud.com/install/#install-clients ). However, since we strongly discourage the use of these operating systems, because of their contempt for digital freedom and privacy, we won’t describe how to install and use the sync clients for them.

There are also Nextcloud synchronization clients in the form of mobile apps for Android and iOS ( https://nextcloud.com/install/#install-clients ). Since we also discourage the use of both Android and iOS because of their digital freedom restrictions and privacy issues, we won’t present how to install and use these apps. The only setup that would be acceptable would be that in which you use a PinePhone and try to install the Nextcloud sync client from F-Droid.

26.11. Upgrading Nextcloud

As mentioned before, Nextcloud can work flawlessly for years and then break or loose functionalities, or generate errors, just because of a simple upgrade, even if the version of Nextcloud that you installed is tagged as ‘stable’. This happens because Nextcloud is so complex and the apps that can be installed are so numerous, that it’s still possible that some bugs will go undetected when new Nextcloud versions get released. This is true both for major and minor new versions. To prevent the situations in which you have to loose entire days to find solutions to problems generated by such upgrades, we recommend upgrading Nextcloud only after upgrading Debian, which means once every 2 years. The only exceptions to this general rule should be the cases in which critical security vulnerabilities will be discovered and you will need to install newer versions sooner, to apply the fixes. To find out if and when critical security vulnerabilities will be discovered in Nextcloud, you can check web pages like this periodically, or you can subscribe to our ‘Updates Newsletter’. Subscribers get an email each time a security vulnerability that needs to be fixed urgently by an upgrade is discovered in Nextcloud, or in any other application that is part of RED SCARF Suite.

Therefore, it’s recommended to ignore all the notifications received in Nextcloud about new versions being available, and proceed to upgrade Nextcloud only once every 2 years, after you upgrade Debian. Before doing the actual Nextcloud upgrade, it’s also recommended to check if the new version has been tested and confirmed to function well and as a result it has been included on the list available on this page. If the new Nextcloud version that you intend to upgrade to hasn’t been included on the mentioned list, it means it’s safer to keep the old Nextcloud version running and upgrade later.

The major Nextcloud versions are 20, 21, 22, 23, 24, etc. and the minor versions are intermediate versions for each major version, like 20.0.1, 21.0.4, 23.0.2, etc. Before you can upgrade to the next major version, Nextcloud has to be upgraded to the latest minor version. You cannot skip major Nextcloud versions. Even if your installed version is two or more versions behind the latest Nextcloud version, the standard way to upgrade is to re-run the upgrade process described below for every superior version, until the latest version available.

Before upgrading Nextcloud, make sure you backup the Nextcloud database (using phpMyAdmin) and the /var/www/cloud. example.com directory (with the tar czf command). Don’t forget to include the date in the name of the backup files. The built-in updater makes some backups, but it doesn’t backup the Nextcloud database or the /var/www/cloud. example.com /data directory.

You can upgrade Nextcloud by using either the web based updater, or the command line.

It’s easier to use the web based updater.

Before the upgrade you should temporarily disable the ‘External storage support’ app, so as to avoid errors during the upgrade process.

To upgrade Nextcloud using the web based method, follow these steps:

1. Once there is a new update available, Nextcloud will display a notification when you log in. Click on the upper right corner profile picture > ‘Settings’ > under ‘Administration’ click on ‘Overview’ > under ‘Version’ you will see the ‘Open updater’ button. This button as well as the update notification will only be available if the ‘Update notification’ app is enabled.
2. Click the ‘Open updater’ button.
3. Verify the information that is shown and click the button “Start update” to start the update.
4. In case an error happens or a check fails, the updater will stop and will show a message. You can try to solve the problem and then click the “Retry update” button. This will start the update and re-run the failed step. It will not re-run the previous steps that succeeded.
5. In case you close the updater before it finished, you can open the updater page again and proceed from the last succeeded step. Closing the web page will still execute the running step but will not continue with the next step, because this is triggered by the ‘open updater’ page.
6. Once all steps are executed, the updater will display the button ‘Disable maintenance mode and continue in the web based updater’. You can perform the actual upgrade using the web interface by clicking this button, or you can upgrade in command line by navigating to /var/www/cloud. example.com and running sudo -u www-data php ./occ upgrade . It’s easier to use the web interface, therefore, click the mentioned button.
7. You will see a screen with the message:

“Nextcloud will be updated to version n.n.n

The following apps will be updated:
…
Please make sure that the database, the config folder and the data folder have been backed up before proceeding”

After the upgrade, log in to Nextcloud, re-enable the ‘External storage support’ app, then go to Settings > Overview. You may see the following warnings:

“The database is missing some indexes. Due to the fact that adding indexes on big tables could take some time they were not added automatically. By running “occ db:add-missing-indices” those missing indexes could be added manually while the instance keeps running. Once the indexes are added queries to those tables are usually much faster.”

Update the indexes manually by running:

“The database is missing some primary keys. Due to the fact that adding primary keys on big tables could take some time they were not added automatically. By running “occ db:add-missing-primary-keys” those missing primary keys could be added manually while the instance keeps running.”

Add the missing primary keys by running:

“Some columns in the database are missing a conversion to big int. Due to the fact that changing column types on big tables could take some time they were not changed automatically. By running ‘occ db:convert-filecache-bigint’ those pending changes could be applied manually. This operation needs to be made while the instance is offline. For further details read thedocumentation page about this.”

Make the necessary changes manually by running:

If you also see a warning about the fact that PHP doesn’t have read access to /dev/urandom , just log out, restart Nginx, then log in again.

If after upgrade you experience problems receiving faxes with Pax Fax, go to Settings > Personal > Security > scroll to the bottom of the page, revoke the old Pax Fax app password by clicking on the three dots next to its name, then choosing Revoke. Then enter pax_fax in the box next to the ‘Create new app password’ button, then press the button to create a new password for Pax Fax. Then take the username and the newly created password, log in to your Phaxio account, go to ‘Phone Numbers’, click on the little wheel to the right of your phone number, then enter the new callback URL, containing the username and the new password, like this: